- Playground - Playground GraphQL
- Blog - Blog on how to steal anyone's address
- Detectify - GraphQL abuse lab
- Medium blog - Common vulnerabilities and how to exploit them
- Bugcrowd - REST in Peace: Abusing GraphQL to Attack Underlying Infrastructure
- Medium blog - Discovering GraphQL endpoints and SQLi vulnerabilities
- Medium blog - API hacking GraphQL
- Medium blog - Time-based blind SQL injection in GraphQL
- Medium blog - GraphQL introspection leads to sensitive data disclosure
- Medium blog - GraphQL IDOR leads to information disclosure
- Wallarm - GraphQL batching attack
- graphql-js - Getting started with GraphQL
- Hasura - Intro to GraphQL
- GraphQL Learn - GraphQL Learn
GraphQL practice:
- Capture the Flag challenges
  - BugDB v1 - https://ctf.hacker101.com/ctf/launch/18
  - BugDB v2 - https://ctf.hacker101.com/ctf/launch/19
  - BugDB v3 - https://ctf.hacker101.com/ctf/launch/20
APIs guru : Public GraphQL APIs
Finding Bugs : Finding first bug using API
GraphQL Hacking : HACKING GraphQL FOR BEGINNERS
GraphQL Injection : GraphQL injection
REST in Peace : Abusing GraphQL to Attack Underlying Infrastructure
Access control : Access control vulnerabilities in GraphQL APIs
Hacking GraphQL : HACKING GraphQL FOR BEGINNERS
Solving challenges : Solving challenges from Hacker101 (GraphQL) and Bug Bounty Notes (SSRF)