While doing recon I found this '/graphql' endpoint. Did some introspection and found a few fields that seem not so sensitive. Would this still be considered as a security issue?

This page summarizes the projects mentioned and recommended in the original post on /r/HowToHack
GraphQL api-documentation Visualization Graphviz graphql-tools

SurveyJS
Our great sponsors
  • SurveyJS - Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • WorkOS - The modern identity platform for B2B SaaS
Our great sponsors

  • graphql-voyager

    πŸ›°οΈ Represent any GraphQL API as an interactive graph

    • Disclosure of the schema of a GraphQL API is at least informational. You can use a tool such as GraphQL Voyager to visualize what you got and see if there are any unprotected sensitive operations available.

  • SurveyJS

    Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.

    SurveyJS logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts