🤓Information Disclosure


There is not much to explain about this vulnerability: it simply allows an unauthorized user to access sensitive information held by the application.

Information disclosure can be found by looking at the introspection query's output, the field suggestions in error messages, and much more.

Example:

query {
  user(id: "123") {
    id
    username
    email
    password  # Sensitive information disclosed
    token    # Sensitive information disclosed
  }
}
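A schema audit for the two sources named above (introspection output and error field suggestions), as an added example that is not part of the original page. The name pattern, the function names and both sample responses are constructed assumptions; the error text follows the graphql-js "Did you mean" wording.

```python
import re

# Assumed name patterns that usually indicate secrets; tune for your own schema.
SENSITIVE = re.compile(r"passw(or)?d|token|secret|api_?key", re.I)

def sensitive_fields(introspection):
    """Return 'Type.field' for every schema field whose name looks sensitive."""
    findings = []
    for t in introspection["data"]["__schema"]["types"]:
        if t["name"].startswith("__"):      # skip built-in introspection types
            continue
        for f in t.get("fields") or []:     # scalars and enums carry fields: null
            if SENSITIVE.search(f["name"]):
                findings.append(f'{t["name"]}.{f["name"]}')
    return findings

def suggested_fields(response):
    """Return field names the server reveals through 'Did you mean' hints."""
    names = []
    for err in response.get("errors", []):
        _, found, tail = err.get("message", "").partition("Did you mean")
        if found:
            names += re.findall(r'"([^"]+)"', tail)
    return names

# Constructed introspection response matching the User type in the query above.
SAMPLE_SCHEMA = {"data": {"__schema": {"types": [
    {"name": "User", "fields": [{"name": "id"}, {"name": "username"},
                                {"name": "email"}, {"name": "password"},
                                {"name": "token"}]},
    {"name": "Query", "fields": [{"name": "user"}]},
    {"name": "String", "fields": None},
    {"name": "__Type", "fields": [{"name": "name"}]},
]}}}

# Constructed error response to a query containing a misspelled field name.
SAMPLE_ERROR = {"errors": [{"message":
    'Cannot query field "pasword" on type "User". Did you mean "password"?'}]}

if __name__ == "__main__":
    for hit in sensitive_fields(SAMPLE_SCHEMA):
        print("sensitive field exposed in schema:", hit)
    for name in suggested_fields(SAMPLE_ERROR):
        print("field name revealed by error suggestion:", name)
```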

H1 reports

1st
2nd
3rd
4th
5th
