Version: 3.5.1
Description
Unauthentication GraphQL Database Query refers to a vulnerability where unauthorized individuals can execute queries against a GraphQL database without proper authentication. This means that anyone, without providing valid credentials, can access and manipulate sensitive data stored in the database.
Proof of Concept
Step 1: Go to /graphql/
, insert payload GraphQL Database Query without authentication
![image](https://private-user-images.githubusercontent.com/67278071/239313740-fa288bd6-3a83-4f26-8665-318894515798.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTUwMTM5NjEsIm5iZiI6MTcxNTAxMzY2MSwicGF0aCI6Ii82NzI3ODA3MS8yMzkzMTM3NDAtZmEyODhiZDYtM2E4My00ZjI2LTg2NjUtMzE4ODk0NTE1Nzk4LnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA1MDYlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNTA2VDE2NDEwMVomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTU4MGQ0MzMwZDc4MzViNjgxOWJkY2IwMjEzZmY1OWMwMzhiNmIzMDFiNGQ4NjFhZmE4YjU2OTI3MGJiODg3NDEmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.52--FGlGLHXG6dYg54T5tZus9jrUM7JkAaztoVHBhBM)
Impact
The impact of an unauthenticated GraphQL database query includes unauthorized access to sensitive data, data manipulation or deletion, compromised data integrity, system unavailability, and damage to an organization's reputation.