Performing CSRF Exploits Over GraphQL

Поделиться
HTML-код
  • Опубликовано: 26 сен 2024

Комментарии • 10

  • @mnageh-bo1mm
    @mnageh-bo1mm 4 месяца назад +3

    what? most endpoints I came across were using content type json triggering a preflight request which killed any attempt of csrf

    • @intigriti
      @intigriti  4 месяца назад

      It's probably uncommon, Portswigger stated:
      "POST requests that use a content type of application/json are secure against forgery as long as the content type is validated. However, alternative methods such as GET, or any request that has a content type of x-www-form-urlencoded"
      Worth a try! 🙏

    • @mnageh-bo1mm
      @mnageh-bo1mm 4 месяца назад

      @@intigriti thx ... Looks like it's validated too.

  • @jaywandery9269
    @jaywandery9269 2 месяца назад

    My generated CSRF POC is not auto submitting the form. I have to press the submit button for the exploit to work, hence the lab won't solve.

    • @intigriti
      @intigriti  2 месяца назад +1

      Does it look like the PoC used in the video?

  • @LearnTv-qy5xb
    @LearnTv-qy5xb 3 месяца назад

    Nice

  • @mnageh-bo1mm
    @mnageh-bo1mm 4 месяца назад +1

    Nice video tho

    • @intigriti
      @intigriti  4 месяца назад +1

      Appreciate it 💜

Следующие
Автовоспроизведение
Exploiting LLM APIs with Excessive Agency9:28Exploiting LLM APIs with Excessive Agency
Exploiting LLM APIs with Excessive AgencyIntigriti
Просмотров 1,2 тыс.
Aggressive Scanning in Bug Bounty (and how to avoid it)18:18Aggressive Scanning in Bug Bounty (and how to avoid it)
Aggressive Scanning in Bug Bounty (and how to avoid it)Intigriti
Просмотров 2,1 тыс.
Introduction to GraphQL Attacks18:50Introduction to GraphQL Attacks
Introduction to GraphQL AttacksIntigriti
Просмотров 1,9 тыс.
Land of Fire & Ruin 🔥01:08Land of Fire & Ruin 🔥
Land of Fire & Ruin 🔥CookieRun: Kingdom
Просмотров 90 тыс.
'I'm Quicker Than You, Going Backwards!' | Liverpool Players React To FC 25 Ratings!13:58'I'm Quicker Than You, Going Backwards!' | Liverpool Players React To FC 25 Ratings!
'I'm Quicker Than You, Going Backwards!' | Liverpool Players React To FC 25 Ratings!Liverpool FC
Просмотров 289 тыс.
STUCK In A Car With Johnnie Guilbert20:35STUCK In A Car With Johnnie Guilbert
STUCK In A Car With Johnnie GuilbertTarayummy
Просмотров 701 тыс.
Gladiator II | New Trailer (2024 Movie) - Paul Mescal, Pedro Pascal, Denzel Washington, Ridley Scott02:33Gladiator II | New Trailer (2024 Movie) - Paul Mescal, Pedro Pascal, Denzel Washington, Ridley Scott
Gladiator II | New Trailer (2024 Movie) - Paul Mescal, Pedro Pascal, Denzel Washington, Ridley ScottParamount Pictures
Просмотров 10 млн
#NahamCon2024: GraphQL is the New PHP | @0xlupin26:17#NahamCon2024: GraphQL is the New PHP | @0xlupin
#NahamCon2024: GraphQL is the New PHP | @0xlupinNahamSec
Просмотров 7 тыс.
GraphQL API Vulnerabilities: Accessing private GraphQL posts5:30GraphQL API Vulnerabilities: Accessing private GraphQL posts
GraphQL API Vulnerabilities: Accessing private GraphQL postsEmanuele Picariello
Просмотров 817
Exploiting Server-side Parameter Pollution in a Query String11:26Exploiting Server-side Parameter Pollution in a Query String
Exploiting Server-side Parameter Pollution in a Query StringIntigriti
Просмотров 6 тыс.
Understanding how to hack GraphQL | Nick Aleks | GraphQL Wroclaw Meetup #1328:57Understanding how to hack GraphQL | Nick Aleks | GraphQL Wroclaw Meetup #13
Understanding how to hack GraphQL | Nick Aleks | GraphQL Wroclaw Meetup #13Mirumee Labs
Просмотров 523
Finding Your Next Bug: GraphQL Hacking - Katie Paxton-Fear (@InsiderPhd)54:34Finding Your Next Bug: GraphQL Hacking - Katie Paxton-Fear (@InsiderPhd)
Finding Your Next Bug: GraphQL Hacking - Katie Paxton-Fear (@InsiderPhd)OWASP London
Просмотров 3,7 тыс.
CSRF - Lab #5 CSRF where token is tied to non-session cookie | Short Version19:32CSRF - Lab #5 CSRF where token is tied to non-session cookie | Short Version
CSRF - Lab #5 CSRF where token is tied to non-session cookie | Short VersionRana Khalil
Просмотров 26 тыс.
Finding Your First Bug: Cross-Site Request Forgery (CSRF)21:10Finding Your First Bug: Cross-Site Request Forgery (CSRF)
Finding Your First Bug: Cross-Site Request Forgery (CSRF)InsiderPhD
Просмотров 16 тыс.
Cross-Site Request Forgery (CSRF) Explained14:11Cross-Site Request Forgery (CSRF) Explained
Cross-Site Request Forgery (CSRF) ExplainedPwnFunction
Просмотров 450 тыс.
So you want to Hack GraphQL APIs ??42:33So you want to Hack GraphQL APIs ??
So you want to Hack GraphQL APIs ??ConsoleCowboys
Просмотров 1,1 тыс.
МАМА В 16 | 2 СЕЗОН, 4 ВЫПУСК | АДЕЛИНА, УФА1:10:24МАМА В 16 | 2 СЕЗОН, 4 ВЫПУСК | АДЕЛИНА, УФА
МАМА В 16 | 2 СЕЗОН, 4 ВЫПУСК | АДЕЛИНА, УФАМама в 16
Просмотров 1,9 млн
24 ЧАСА ЕДЕМ в САМОМ ДЕШЕВОМ ПЛАЦКАРТЕ БЕЛАРУСИ с TATWOLE / Дорого vs Дешево челлендж40:5724 ЧАСА ЕДЕМ в САМОМ ДЕШЕВОМ ПЛАЦКАРТЕ БЕЛАРУСИ с TATWOLE / Дорого vs Дешево челлендж
24 ЧАСА ЕДЕМ в САМОМ ДЕШЕВОМ ПЛАЦКАРТЕ БЕЛАРУСИ с TATWOLE / Дорого vs Дешево челленджАлексей Столяров
Просмотров 309 тыс.
What really determines the price of a token? Hamster Girl explains ⚡️ Hamster Academy03:33What really determines the price of a token? Hamster Girl explains ⚡️ Hamster Academy
What really determines the price of a token? Hamster Girl explains ⚡️ Hamster AcademyHamster Kombat
Просмотров 12 млн
СИРОПНЫЙ ЧЕЛЛЕНДЖ ТАКОЙ СМЕШНОЙ! #Shorts #Глент00:38СИРОПНЫЙ ЧЕЛЛЕНДЖ ТАКОЙ СМЕШНОЙ! #Shorts #Глент
СИРОПНЫЙ ЧЕЛЛЕНДЖ ТАКОЙ СМЕШНОЙ! #Shorts #ГлентГЛЕНТ
Просмотров 1,9 млн
БЕЛКА СЬЕЛА КОТЕНКА?#cat00:13БЕЛКА СЬЕЛА КОТЕНКА?#cat
БЕЛКА СЬЕЛА КОТЕНКА?#catЛайки Like
Просмотров 1,8 млн
We finally APPROVED @ZachChoi00:31We finally APPROVED @ZachChoi
We finally APPROVED @ZachChoiLionfield
Просмотров 4,2 млн
神級躲閃,這反應速度太帥了! #shorts #sports #fighting00:11神級躲閃,這反應速度太帥了! #shorts #sports #fighting
神級躲閃,這反應速度太帥了! #shorts #sports #fighting武林之巅
Просмотров 916 тыс.
Этот чехол НЕ ЗАЩИТИТ твой телефон #shorts #шортс #смартфон #факты #чехол00:45Этот чехол НЕ ЗАЩИТИТ твой телефон #shorts #шортс #смартфон #факты #чехол
Этот чехол НЕ ЗАЩИТИТ твой телефон #shorts #шортс #смартфон #факты #чехолThis is Хорошо
Просмотров 361 тыс.