Learn to Hack

GQL GraphQL

The articles below contain resources for learning about and exploiting GraphQL.

  • Discovering GraphQL endpoints and SQLi vulnerabilities (Medium)
  • The 5 Most Common GraphQL Security Vulnerabilities (Carve Systems)

Last updated 2 years ago