
Episode 10: The Life of a Full-Time Bug Bounty Hunter + BB News + Reports from Mentees

Critical Thinking - Bug Bounty Podcast


GraphQL Address Change

Grapher: The server wasn't validating the user through any secure methodologies. But what the server was actually doing is that it was validating the user through this 10-digit value, so he was all numeric. So we decided to change the address ID to see, um, if the modified malicious user input that we created will be reflected on the victim's account, and we tried that on Burp, modifying the request body of, uh, GraphQL, uh, POST request. We didn't really see anything, um, any change on the HTTP response. Mm.

Grapher: Even if you get an access to nine or even if you get a 500 server error back, that doesn't mean that the
