Hello World!, I’m Eshan Singh aka R0X4R. I’m here to share my recent findings on GraphQL IDOR (Insecure Direct Object Reference), which leads to information disclosure. So, let’s start. I’m signing in…

What is GraphQL?

The GraphQL Foundation defines “GraphQL is an open-source data query and manipulation language for APIs, and a runtime for fulfilling queries with existing data.” Nowadays, GraphQL is being used in place of Rest-API’s.

Vulnerability

While doing recon for redacted.com …


source: lynda.com

Introduction

Hello World! I’m Eshan Singh, aka R0X4R. I’m that hacker teenager that your friends told you about. I hack web-server to make the system secure. I’m here to share my recent findings on GraphQL Introspection.

What is GraphQL

All of us know that Facebook uses its own query language to store its data properly. So, according to GraphQL.org GraphQL is a query language for APIs and a runtime for fulfilling those queries with your existing data. …


Cross-site Scripting

Last year I was scrolling my LinkedIn Profile feeds suddenly a post came in front of me. In that post, a Bug Hunter posted his PoC about how he found Blind-XSS in Spotify. I was surprised after hearing about BXSS. I was surprised at that moment after watching that there is another category of XSS which is known as BLIND XSS. Then my greed for collecting information about new hacking or exploitation techniques was increased, then I started researching BXSS. So in this post, I’m going to give all the information about the BXSS that I got.

#! What is…

Eshan Singh

Hi.. I’m that hacker teenager that your friends told you about. I hack to make system secure. Hacker — Developer — Influencer — Graphics Designer

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store