Eshan Singh – Medium

Published in InfoSec Write-ups

·Dec 24, 2019

GraphQL IDOR leads to information disclosure

Hello World!, I’m Eshan Singh aka R0X4R. I’m here to share my recent findings on GraphQL IDOR (Insecure Direct Object Reference), which leads to information disclosure. So, let’s start. I’m signing in… What is GraphQL? The GraphQL Foundation defines “GraphQL is an open-source data query and manipulation language for APIs…

Graph QL

3 min read

Published in InfoSec Write-ups

·Oct 30, 2019

GraphQL introspection leads to sensitive data disclosure.

Introduction Hello World! I’m Eshan Singh, aka R0X4R. I’m that hacker teenager that your friends told you about. I hack web-server to make the system secure. I’m here to share my recent findings on GraphQL Introspection. What is GraphQL All of us know that Facebook uses its own query language…

Graph QL

3 min read

Sep 1, 2019

INTRODUCTION TO BLIND XSS

Last year I was scrolling my LinkedIn Profile feeds suddenly a post came in front of me. In that post, a Bug Hunter posted his PoC about how he found Blind-XSS in Spotify. I was surprised after hearing about BXSS. I was surprised at that moment after watching that there…

Security

4 min read