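# Send phase: four POST probes, one per commonly used GraphQL endpoint path.
# Every probe carries the same minimal introspection query
# (`__schema { types { name } }`), which only asks the server to list the
# names of its schema types. The probes set no credentials of their own.
# Coverage caveat: only these four paths are requested, so a GraphQL
# endpoint mounted anywhere else is not exercised by this rule.
# The nesting below is restored; in the flattened listing the url/headers/body
# keys had fallen out of their list items.
send:
  - method: 'POST'
    url: '/graphql'
    headers:
      - Content-Type: application/json
    body: '{"query":"query {__schema{types {name}}}","variables":{},"operationName":null}'
  - method: 'POST'
    url: '/api/graphql'
    headers:
      - Content-Type: application/json
    body: '{"query":"query {__schema{types {name}}}","variables":{},"operationName":null}'
  # Same endpoint as the first probe with a trailing slash, for routers that
  # treat the two forms differently.
  - method: 'POST'
    url: '/graphql/'
    headers:
      - Content-Type: application/json
    body: '{"query":"query {__schema{types {name}}}","variables":{},"operationName":null}'
  # NOTE(review): this path looks like an interactive explorer UI rather than
  # an API endpoint; confirm it answers a POSTed query with JSON, otherwise
  # this probe can never satisfy the detect phase.
  - method: 'POST'
    url: '/-/graphql-explorer'
    headers:
      - Content-Type: application/json
    body: '{"query":"query {__schema{types {name}}}","variables":{},"operationName":null}'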
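# Detect phase: a finding is raised when a response body contains the opening
# of a successful introspection answer, i.e. the server returned schema data
# instead of rejecting the query.
# False-negative caveat: the pattern is one exact serialization with no
# whitespace. A server that pretty-prints its JSON, or emits another top-level
# key before "data", answers the same query without matching.
# NOTE(review): no status code is checked, only the body. If the scanner
# evaluates this value as a regular expression, confirm the unescaped braces
# are read literally.
detect:
  - response:
      - body: '{"data":{"__schema"'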
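# Meta-info phase: how the finding is labelled when it is reported.
# Triage note: this is an information-exposure finding, not proof of an
# exploitable flaw. A readable schema tells an outsider which types the API
# offers, so the usual remediation is to disable introspection on production
# endpoints or restrict it to authenticated, authorized callers.
meta-info:
  - title: "Disclosure of technical information at Graphql"
  - description: "Technical disclosure at GraphQL may cause information leakage. In case of improper configuration, a malicious user may get some critical information and use it for other attacks."
  - type: info
  # Low severity, consistent with the informational type above.
  # NOTE(review): presumably on the scanner's 1-100 threat scale; confirm.
  - threat: 20
  - applicable_for:
      - fast
      - scanner
  - tags:
      - Graphql
      - Information Exposure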