GraphQL – All You Need to Know

Parsed 12k+ bug-bounty write-ups & blogs (and counting 24/7) and mapped each to CWE + language. Quick hits:.• ~60% of RCEs happen in PHP/JS.• >50% of GraphQL bugs are plain access-control issues. Free site coming soon - reply "access" for an early invite! #bugbounty #hacking

🧠 GraphQL Introspection + Injection.1️⃣ Introspection enabled → attacker maps full schema.2️⃣ Finds sensitive queries/mutations.3️⃣ Sends crafted input to vulnerable resolver.4️⃣ Possible SQLi, IDOR, or RCE in backend.🎯 Schema leak → attack blueprint.#bugbounty #graphql

Been working on this tRPC-stlye GraphQL framework for over 2 years now! . It's finally ready! Check out the first Alpha Release!. GraphQL was never more fun!.(everything you hate about it is gone, I promise!). (link in replies)

Sometimes you get good bounties even without “bug-bounty”. Tip: Never skip GraphQL functionalities, In my cade without even logging in to web app, I was able to Dump PII (Limited disclosure) but still without any authentication. CC: @ThisIsDK999 . #BugBounty #bugbountytips

Still can’t mint new items on Opensea. The GraphQL error is ongoing. This is exactly how I feel: 🫠. @opensea @opensea_support

Something’s not quite right here….GraphQL API Hacking 😅. Can you spot the vulnerability?

No wonder some merchants told me my app stopped working suddenly, Shopify straight up served graphQL response without some fields, probably of older API versions (from inspecting the app logs)

See why I’m calling it unstoppable. This video dives into what makes Nitro GraphQL a game-changer — hot reload, auto-typing, tons of new features…. I’m spinning up a GraphQL server to see for myself. Could this be the best thing that’s ever happened to GraphQL?

GraphQL is the future of APIs !!!. Wanna know, how you can build GraphQL APIs on your Laravel app?

Wrote a quick blog for GraphQL 2fa testing!.

Kenya JUG is inviting you to share your expertise!.Topic highlights this week:.🚀 Spring AI.🔌 APIs w/ Java + GraphQL. Ready to share your knowledge?.👉 Apply now: #KenyaJUG #Java #GraphQL #SpringAI

zkgm . Just spotted that @union_build added a new API section in their docs 👀. If you’re building something cool with onchain data, it’s worth checking out.

Anyone else getting an error while trying to mint on OpenSea?.Is it a technical issue or just me? 🤔. [GraphQL] 😏

Vibe coded a Shopify menu migrator: .. Uses Storefront API to grab menus; uses Admin GraphQL API to write menus. Used @claudeai as the brains, tested as my IDE.

Потому что GraphQL переусложнённое говно?

zkgm. just noticed @union_build added new API tab in their docs👀. If anyone’s looking to build something cool with onchain data go check it out.

What if I told you I built a profitable app without:. - TypeScript.- Tests.- Frameworks like Laravel or Next.js.- Docker.- GraphQL.- Tailwind. AI tools like Cursor (its true I used chat gpt). Just vanilla React JS, plain PHP (or wp rest api), MySQL, and a $6 VPS. No CI/CD. No

Always check GraphQL requests don't rely on UI, the REMOVE option for super admin user was not shown on the UI of website, however the admin is able to remove the user via GraphQL request. #BugBounty