Mass Account Takeover of 29,000 Accounts by Abusing GraphQL
While testing a GraphQL endpoint, I noticed that introspection was enabled in production. Running an introspection query exposed the…
Read the original article