webProeasy

Lab 251 — PulseBoard — IDOR via Unauthenticated GraphQL User Profile Query

hackadvisor

Task: PulseBoard GraphQL API exposes getUserProfile(userId) query without authentication. Solution: enumerate schema via introspection, query admin user (ID 1) to extract flag from internalNotes field.

$ ls tags/ techniques/

graphql idor sensitive_data_exposure broken_access_control introspection unauthenticated_access

idor_exploitationgraphql_introspectionuser_enumerationsensitive_field_extraction

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[web][Pro]Lab 259 — TalentBridge — IDOR in Employee Profile Endpoints— hackadvisor
[web][Pro]Lab 15 — ProfileHub — IDOR in User Profile API— hackadvisor
[web][Pro]Lab 116 — InsightForge — IDOR via Undocumented Internal API— hackadvisor
[web][Pro]Lab 198 — PayrollSync — Broken Auth via GraphQL Introspection— hackadvisor
[web][Pro]Lab 112 — MetricFlow — IDOR in Usage Analytics API— hackadvisor