Exploiting Unsanitized Arguments
For example, the query below requests a product list for an online shop:
#Example product query
query {
  products {
    id
    name
    listed
  }
}
The product list returned contains only listed products.
#Example product response
{
  "data": {
    "products": [
      {
        "id": 1,
        "name": "Product 1",
        "listed": true
      },
      {
        "id": 2,
        "name": "Product 2",
        "listed": true
      },
      {
        "id": 4,
        "name": "Product 4",
        "listed": true
      }
    ]
  }
}
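The IDs in the response skip from 2 to 4, which suggests a product with ID 3 exists but is not listed. By querying the ID of the missing product, we can get its details, even though it is not listed on the shop and was not returned by the original product query.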
#Query to get missing product
query {
  product(id: 3) {
    id
    name
    listed
  }
}
#Missing product response
{
  "data": {
    "product": {
      "id": 3,
      "name": "Product 3",
      "listed": false
    }
  }
}
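The same flaw seen from the server side, as an added example that is not code from the original page: a resolver map that filters the list but not the single-object lookup, next to a version that applies one visibility check to both. The resolver shapes, the `canView` policy, the `admin` role and `leakedIds` are assumptions; the data is constructed to match the responses above.

```javascript
// Constructed sample data mirroring the page's shop: product 3 is unlisted.
const PRODUCTS = [
  { id: 1, name: "Product 1", listed: true },
  { id: 2, name: "Product 2", listed: true },
  { id: 3, name: "Product 3", listed: false },
  { id: 4, name: "Product 4", listed: true },
];

// Hypothetical policy: unlisted products are visible only to an "admin" user.
function canView(product, context) {
  return Boolean(product.listed || (context.user && context.user.role === "admin"));
}

// Behaves like the responses on the page: the list is filtered,
// but the lookup by id trusts the argument and returns whatever it finds.
const vulnerableResolvers = {
  products: () => PRODUCTS.filter((p) => p.listed),
  product: (_parent, args) => PRODUCTS.find((p) => p.id === args.id) || null,
};

// Hardened: both fields go through the same object-level check.
const hardenedResolvers = {
  products: (_parent, _args, context) => PRODUCTS.filter((p) => canView(p, context)),
  product: (_parent, args, context) => {
    const found = PRODUCTS.find((p) => p.id === args.id);
    // "Hidden" and "does not exist" both resolve to null, so the
    // response does not confirm which ids are in use.
    return found && canView(found, context) ? found : null;
  },
};

// Regression check for a test suite: any id that resolves through product(id)
// but is absent from products for the same caller is an authorization gap.
function leakedIds(resolvers, context, maxId) {
  const visible = new Set(resolvers.products(null, {}, context).map((p) => p.id));
  const leaked = [];
  for (let id = 1; id <= maxId; id++) {
    const hit = resolvers.product(null, { id }, context);
    if (hit && !visible.has(id)) leaked.push(id);
  }
  return leaked;
}
```

Running `leakedIds` against both resolver maps with an anonymous context reports product 3 for the first and nothing for the second.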