webPromedium

Lab 228 — GridPulse

hackadvisor

Task: GraphQL-based analytics platform with password reset via 4-digit PIN. Apollo Server has batching enabled. Solution: Triggered admin password reset, then brute-forced all 10,000 PINs via GraphQL batching (1000 mutations per request, 10 requests total), bypassing rate limiting. Logged in as admin, found flag at /settings.

graphql nodejs password_reset batching_attack rate_limit_bypass account_takeover apollo_server pin_bruteforce

admin_account_takeovergraphql_batching_bruteforcerate_limit_bypass_via_batchingpassword_reset_pin_bruteforce

$ ls tags/ techniques/

graphql nodejs password_reset batching_attack rate_limit_bypass account_takeover apollo_server pin_bruteforce

admin_account_takeovergraphql_batching_bruteforcerate_limit_bypass_via_batchingpassword_reset_pin_bruteforce

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ cat writeup.md…

Sign in to access full writeups

Sign in to access full writeups

Similar writeups