graphql-idor-via-introspection-leak
OfficialFind GraphQL IDOR vulnerabilities
Authorsecurityfortech
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill helps identify and exploit object-level authorization bypass vulnerabilities in GraphQL APIs, where introspection can reveal hidden fields or mutations that allow unauthorized access to or modification of data using arbitrary IDs.
Core Features & Use Cases
- GraphQL Schema Discovery: Leverages introspection to map out available queries and mutations.
- IDOR Identification: Systematically probes resolvers for missing ownership checks on ID parameters.
- Exploitation: Demonstrates how to read or modify data across different user accounts via vulnerable resolvers.
- Use Case: An attacker can use this skill to discover and exploit a vulnerability where they can view another user's private messages by simply changing the
messageIdin a GraphQL query.
Quick Start
Use the graphql-idor-via-introspection-leak skill to find object-level authorization bypasses in the GraphQL API endpoint.
Dependency Matrix
Required Modules
None requiredComponents
scriptsreferences
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: graphql-idor-via-introspection-leak Download link: https://github.com/securityfortech/hacking-skills/archive/main.zip#graphql-idor-via-introspection-leak Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 223,000+ vetted skills library on demand.