Bug Bounty Scam Exposure Platform
https://t.co/9z6V4YkPQn
Got scammed by a bug bounty program?
Report unfair programs, share your experience, and help protect other researchers.
• Report scams
• Rate programs
• Vote and comment on reports
Expose. Review. Protect.
DoS bugs in graphQL are fun!
When you run into a GQL (graph query language) instance when testing, check for DoS (denial of service) if it is in scope for the program. It is very common for developers to create a structure that can be queried recursively to cause resource exhaustion, be it CPU, memory, etc., leading to a denial of service for either the entire graph endpoint or a subset of services/APIs that drive it.
What is graphQL?
It's basically an annoyingly structured query language built around JSON for calling APIs. Everything is explicit, case sensitive, and generally hates you. Hundreds of APIs can all be gated by a single graphQL instance, allowing developers to create queries or mutations that pull or update data points from multiple back end APIs in a single call. Most of the time the endpoint is "/graphql" or "gql".
How does this Denial of Service thing work?
I've found a bunch of these in my time in bug bounty. It's actually the first thing I check when I hit a graph endpoint. In its simplest form, let's say we have three different points of data: users, friends, and posts.
If we query the "users" object, we can request the friends of that user, and any posts the user has made. As we drill into the friends, we see it also lists the friends' posts, and if we drill into posts, we see posts list the "user" object again so we can see who made it. What is the problem?
We can build a query that grabs users, and all its posts. Then for each user, all the friends, and all their posts. Then for each post for each friend, which user: pause here. Now we are back to users. So we nest it another layer deeper, for each user of each post of each friend, do it all over again... and repeat, and repeat, and repeat. Then you run it once and the server dies. But don't actually do that.
The catastrophic nature of this type of query is multiplied by the data points you return, so if you find a single intensive/robust field and return it for each loop, that is enough to kill it. When testing this, start small (only one or two deep to gauge the server response time) so you don't hurt anything. If you are able to see that the response time is doubling or more, go ahead and stop and report it for safety.
The $8000 bounty was the best I've gotten for this particular bug, most companies aren't super keen to pay for denial of service bugs but they are real enough.
Here are a couple good explanations on this:
https://t.co/s68mSY8RRt
https://t.co/RvZ6TaPozb
#hacking #appsec #bugbountytips
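A depth guard a server can apply to reject the users -> friends -> posts -> user loop described above before it reaches any resolver. This is an added example, not the author's code; the limit of 5 and the sample queries are constructed. A production guard also needs a cost limit, since one heavy field per level is enough to hurt even at modest depth.

```python
"""Selection-set depth guard for GraphQL: refuse queries that nest deeper than
a fixed limit, so recursive users/friends/posts loops never reach the resolvers."""

def selection_depth(query: str) -> int:
    """Return the deepest selection-set nesting level in a GraphQL document.

    Scans braces only, skipping string literals and # comments, so it needs no
    GraphQL parser. The outermost operation body counts as depth 1.
    """
    depth = max_depth = 0
    i, n = 0, len(query)
    while i < n:
        ch = query[i]
        if ch == "#":                              # comment runs to end of line
            while i < n and query[i] != "\n":
                i += 1
        elif ch == '"':                            # string literal, honouring \" escapes
            i += 1
            while i < n and query[i] != '"':
                i += 2 if query[i] == "\\" else 1
        elif ch == "{":
            depth += 1
            max_depth = max(max_depth, depth)
        elif ch == "}":
            depth -= 1
        i += 1
    return max_depth

def check_query(query: str, max_allowed: int = 5) -> tuple:
    """Return (accepted, measured_depth); anything deeper than the limit is refused.
    The limit of 5 is an assumed value; tune it to the schema's legitimate shapes."""
    measured = selection_depth(query)
    return measured <= max_allowed, measured

# Constructed sample queries mirroring the users/friends/posts loop in the post.
NESTED = """
query {                      # depth 1
  users { friends { posts { user { friends { posts { id } } } } } }
}
"""
SHALLOW = "query { users { id name } }"
```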
I think I’m in love with Next.js 😍😍❤️❤️
I found 2 Admin Account Takeover 🔥🔥🔥
I found the Origin ip in the Js and api endpoint
1. “api/room/dashboard”
2. “api/admin/users”
boom 🔥🔥🔥🚀🚀🚀🚀
Big up @badcrack3r @lostsec_ for the api endpoint extension 🔥🔥🔥🔥
People seriously underestimate how dangerous leaked Google API keys are. With just a little know-how, you can use them to access Gemini without spending money.
This clip is just a small demo. I’ve covered a wide range of dorks and methods in my member only video.
https://t.co/l8dYOvxQ8A
If you’re hunting for a remote job, you just need to figure out how Reddit works, and you’ll never be unemployed for a long time.
Here’s a list of subreddits you should bookmark right now:
Spain condemns the death penalty for Palestinians passed by the Israeli parliament. This is an asymmetrical measure, as it would not apply to Israelis who committed the same crimes.
This is not justice. It is a further step towards apartheid.
The world cannot remain silent.
I maintain that adding a trailing slash to random pages and APIs remains the stupidest albeit perhaps most effective and prevalent authorization and/or WAF bypass there is. Go slay #bugbounty, the world depends on your proper insertion of the slash.
When you get your first bounty doing this, go on a vacation and when your wife says "No no, it's too expensive."
You say: "It's OK, the slash is paying for it."
Because in what other field can you add a backslash somewhere and make enough money to take the family on a vacation 🤣
/place/thing/page.aspx --> /place/thing/page.aspx/
some/v1/api/users --> some/v1/api/users/
Other common wins are: /, //, %2f, %3f, #, and so forth. Just tack stuff like that on the end. Maybe combine it with method changes.
OK BYE
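The defender's side of the trailing-slash trick is to make the authorization lookup see one canonical path for every spelling (/x, /x/, //x, /x%2f, /x%3f, /x#). Added example, not the author's code; PROTECTED is a constructed rule set using the two paths from the post.

```python
"""Canonicalise a request path before the authorization decision, so that
suffix and encoding variants of a gated route all hit the same rule."""
import posixpath
from urllib.parse import unquote

# Constructed example of routes an authz layer should gate.
PROTECTED = ("/place/thing/page.aspx", "/some/v1/api/users")

def canonical_path(raw: str) -> str:
    """Strip query/fragment, percent-decode until stable, collapse slashes,
    resolve . and .., and drop any trailing slash."""
    path, prev = raw, None
    while path != prev:                      # loop so %252f cannot survive one decode
        path = path.split("#", 1)[0].split("?", 1)[0]
        prev, path = path, unquote(path)
    path = path.split("#", 1)[0].split("?", 1)[0]   # decoding may reveal ? or #
    # normpath collapses // and ./, resolves .., and removes a trailing slash;
    # lstrip plus a single "/" stops it preserving a POSIX-style leading "//".
    # Case folding depends on the backend (IIS is case-insensitive): add it here if yours is.
    return posixpath.normpath("/" + path.lstrip("/"))

def requires_auth(raw: str) -> bool:
    """Authorization decision made on the canonical path, never on the raw one."""
    path = canonical_path(raw)
    return any(path == p or path.startswith(p + "/") for p in PROTECTED)
```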
If you're testing SSRF, don’t forget to try alternative IP encodings 👀
Blacklist filters are often weak, for example, octal encoding can slip through:
017700000001 → 127.0.0.1
This exact trick recently helped me bypass restrictions and successfully exploit an SSRF.
#bugbounty #bugbountytips
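The filter-side fix for the octal trick above is to canonicalise every IPv4 literal the way libc's inet_aton() reads it before applying the deny rule, so 017700000001, 0x7f.1 and 2130706433 are all judged as 127.0.0.1. Added example, not the author's code; it goes beyond the post by covering the hex, decimal and short-form spellings inet_aton also accepts, and it handles IP literals only (hostnames must be resolved first).

```python
"""Canonicalise IPv4 literals (inet_aton grammar) before an SSRF allow/deny
decision, so alternative encodings cannot dodge a blacklist."""
import ipaddress

def _part(tok: str) -> int:
    """One dotted part: 0x.. is hex, a leading 0 means octal, otherwise decimal."""
    if not tok.isalnum():                  # rejects signs, spaces and empty tokens
        raise ValueError(tok)
    if tok[:2].lower() == "0x":
        return int(tok[2:], 16)
    if len(tok) > 1 and tok[0] == "0":
        return int(tok, 8)
    return int(tok, 10)

def canonical_ipv4(text: str):
    """Dotted-decimal form of any inet_aton-style spelling, or None if invalid."""
    toks = text.strip().split(".")
    if not 1 <= len(toks) <= 4:
        return None
    try:
        parts = [_part(t) for t in toks]
    except ValueError:
        return None
    head, last = parts[:-1], parts[-1]
    if any(p > 255 for p in head):
        return None
    remaining = 4 - len(head)              # the last part fills every byte still unset
    if last >= 256 ** remaining:
        return None
    value = 0
    for p in head:
        value = value * 256 + p
    value = value * 256 ** remaining + last
    return str(ipaddress.IPv4Address(value))

def is_internal(text: str) -> bool:
    """True if the literal must not be fetched; unparsable input fails closed."""
    canon = canonical_ipv4(text)
    if canon is None:
        return True
    ip = ipaddress.IPv4Address(canon)
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)
```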
Block the Strait of Hormuz for a week and the world goes mad but block the Rafah crossing for years, preventing the entry of food and humanitarian aid into Gaza and nobody bats an eye. It’s not hard to see that this world values markets, profit and capitalism over human lives.
Insane framing.
He was anally gang-raped.
He was severely beaten and then anally gang-raped on camera. Both a knife and a taser were reportedly used.
There was a hole in his rectal wall. He got surgery for it.
Because he was anally gang-raped by the IDF (on camera).
He also had 7 broken ribs and other injuries as well.
After it happened, Israelis staged multiple large protests in the streets. Not because they believe these soldiers did anything wrong, but because they were infuriated that the soldiers were arrested for anally gang-raping a Palestinian on camera.
These protests weren’t just random people. They included multiple high ranking Knesset members (their Congress) who defended the anal gang-rapists.
They didn’t stop there. They went after the lawyer who leaked the video. She was publicly smeared, was forced to resign, and was arrested.
And now the anal gang-rapists who were caught on camera have had their charges dropped. They didn’t win in court. They weren’t somehow exonerated. The charges were completely and indefensibly dropped. The Jerusalem Post reports that there was sufficient evidence to take this to trial.
This is part of a larger pattern of torture and impunity. NYT and many other major outlets have extensively detailed the abuses at the Sde Teiman torture factory. NYT reported that prisoners lose 30+ pounds, a nurse was anally raped by a metal rod, another man was raped by a dog, and another was anally raped by a fiery hot rod until he died. Yes, the NYT reported all of that. I’ll share sources in the replies. Torture and sexual assault are commonplace at Sde Teiman, and many prisoners die in the process.
The UN concluded that rape from IDF soldiers is so commonplace that it constitutes official “strategy of war”.
And of course these monsters virtually never face jail time. Because Israelis by and large don’t have any problem with any of it.
This is just what their society does.
They torture Palestinians.
Netflix CORS Misconfiguration (Live PoC)
Real bug bounty workflow: finding, validating & exploiting a CORS issue + impact analysis.
No theory — pure offensive testing.
Watch 👇
https://t.co/CEDpW1EdPl
PortSwigger dropped their Top 10 Web Hacking Techniques of 2025 and we covered all of them on the pod (in a completely random order)
Here's a quick intro of the first 5 we talked about:
10 - @joernchen's parser differential talk from OffensiveCon25 is 28 minutes and worth every one of them. The JSON duplicate keys example is the entry point, Erlang reads the first `roles` key, JS reads the last, auth bypassed but the double Authorization header trick is our fav part:
First header is the unsigned JWT with whatever admin attributes you want. Second is your legit low-priv token.
Frontend validates the second and the backend grabs the first.
https://t.co/BMPZafpWR6
8 - @salvatoreabello's XSS-Leak has nothing to do with XSS, it's a timing attack against Chrome's connection pool scheduling that leaks cross-origin subdomains without any injection. CTFy origin, but the writeup covers applications outside the CTF context. Chromium only.
https://t.co/qmPrPWPJvo
9 - @flomb_'s HTTP/2 CONNECT research needed an extra read off-camera to fully appreciate. He built a Go-based port scanner that runs entirely through HTTP/2 CONNECT tunnels — successful connection returns :status 200, failed returns :status 503. Push raw HTTP/1.1 requests through and read back responses from internal services. If a target accepts CONNECT over HTTP/2, that's a free port scan and SSRF with no other precondition needed.
https://t.co/hQWgxDsf7k
7 - @zhero___'s Next.js research goes after the framework's internal cache. `__nextDataReq=1` turns the page response into JSON, `x-now-route-matches` tricks Next.js into treating the request as SSG, flipping `Cache-Control` to cacheable. `__nextDataReq` isn't in the cache key, but `Accept-Encoding` is and every browser sends it...
https://t.co/TVU4zQDCyv
5 - @chudyPB's SOAPwn is a quick 93 page read. It's a quirk in how .NET handles HTTP client proxies: feed `HttpWebClientProtocol` a `file://` URI instead of HTTP, the cast fails silently while HTTP setup gets skipped and the SOAP body gets written straight to disk.
https://t.co/t1Mt3WQ1Kl
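The duplicate-key differential in item 10 (one parser keeps the first `roles`, another the last) goes away if the service refuses ambiguous JSON outright. Added example, not code from the talk or the podcast; CLAIMS is a constructed payload, and Python's default parser is used to show the last-wins side of the split.

```python
"""Reject JSON objects that repeat a key at any nesting level, instead of
letting the parser silently choose first-wins or last-wins."""
import json

class DuplicateKeyError(ValueError):
    """Raised when an object repeats a key."""

def _no_duplicates(pairs):
    """object_pairs_hook receives every key/value pair, so repeats are visible here."""
    obj = {}
    for key, value in pairs:
        if key in obj:
            raise DuplicateKeyError(f"duplicate key {key!r}")
        obj[key] = value
    return obj

def strict_loads(text: str):
    """json.loads that refuses documents two parsers could read differently."""
    return json.loads(text, object_pairs_hook=_no_duplicates)

def has_duplicate_keys(text: str) -> bool:
    try:
        strict_loads(text)
    except DuplicateKeyError:
        return True
    return False

def lenient_roles(text: str):
    """Default json.loads: the last occurrence wins, like the JS side of the differential."""
    return json.loads(text)["roles"]

# Constructed claims on which a first-wins and a last-wins parser disagree.
CLAIMS = '{"sub": "alice", "roles": ["admin"], "roles": ["user"]}'
```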