
This project involved performing a structured security assessment against the Damn Vulnerable GraphQL Application, an intentionally insecure environment designed to expose common GraphQL misconfigurations and backend vulnerabilities. The objective was to identify, exploit, and analyze weaknesses specific to GraphQL implementations, ranging from schema exposure and authorization failures to injection and denial-of-service conditions.
GraphQL introduces a unique attack surface compared to traditional REST APIs. Instead of multiple endpoints, applications often expose a single /graphql endpoint capable of resolving complex nested queries. When improperly configured, this model can expose sensitive schema data, allow unbounded query execution, or provide attackers with a powerful interface to backend logic.
The first phase of the assessment focused on identifying exposed GraphQL endpoints and fingerprinting the underlying implementation. Because GraphQL applications typically expose a limited number of endpoints, accurate discovery at this stage is critical. A single overlooked endpoint can provide full schema visibility and direct access to backend logic.
To identify potential GraphQL endpoints, I used my custom-built open-source tool, gql-finder. The tool is designed to enumerate common GraphQL paths and detect GraphQL behavior through response analysis.
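The discovery step described above, enumerating candidate paths and judging from the response whether a GraphQL engine is behind them, can be reduced to a small probe. The script below is an added illustration written for this write-up, not gql-finder's own code; the candidate path list is a constructed sample, the base URL is supplied by the operator, and the classification relies on one property of every spec-conforming server: the `__typename` meta-field on the root type is resolvable even when introspection (`__schema`) has been switched off, so a read-only `{ __typename }` query distinguishes a live GraphQL resolver from a static 404 page or an unrelated JSON API.

```python
import json
from urllib import request, error

# Constructed sample of paths commonly used for GraphQL endpoints (not an exhaustive list).
CANDIDATE_PATHS = ["/graphql", "/graphiql", "/api/graphql", "/v1/graphql", "/console"]

# Minimal read-only probe; __typename is always resolvable, introspection enabled or not.
PROBE_QUERY = {"query": "{ __typename }"}


def classify_response(content_type, body):
    """Classify a raw HTTP response body as 'graphql', 'graphql-error' or 'not-graphql'.

    'graphql'       - the probe executed: data.__typename is present
    'graphql-error' - JSON with a GraphQL-style errors list (endpoint exists but
                      rejected the probe, e.g. authentication required)
    'not-graphql'   - HTML, non-JSON, or JSON that does not follow the GraphQL shape
    """
    if "json" not in (content_type or "").lower():
        return "not-graphql"
    try:
        parsed = json.loads(body)
    except (ValueError, TypeError):
        return "not-graphql"
    if not isinstance(parsed, dict):
        return "not-graphql"
    data = parsed.get("data")
    if isinstance(data, dict) and "__typename" in data:
        return "graphql"
    errors = parsed.get("errors")
    if isinstance(errors, list) and errors and all(
        isinstance(e, dict) and "message" in e for e in errors
    ):
        return "graphql-error"
    return "not-graphql"


def probe_endpoint(base_url, path, timeout=5):
    """POST the probe query to base_url + path; return (path, http_status, verdict)."""
    url = base_url.rstrip("/") + path
    req = request.Request(
        url,
        data=json.dumps(PROBE_QUERY).encode(),
        headers={"Content-Type": "application/json", "Accept": "application/json"},
        method="POST",
    )
    try:
        with request.urlopen(req, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", "replace")
            return path, resp.status, classify_response(resp.headers.get("Content-Type"), body)
    except error.HTTPError as e:
        # 4xx/5xx answers still carry a body; many GraphQL servers reply 400 with an errors array.
        body = e.read().decode("utf-8", "replace")
        return path, e.code, classify_response(e.headers.get("Content-Type"), body)
    except (error.URLError, OSError):
        return path, None, "unreachable"


def find_graphql_endpoints(base_url, paths=CANDIDATE_PATHS):
    """Return only the probes that reached a GraphQL resolver (executed or refused)."""
    results = (probe_endpoint(base_url, p) for p in paths)
    return [r for r in results if r[2] in ("graphql", "graphql-error")]


if __name__ == "__main__":
    import sys

    if len(sys.argv) != 2:
        sys.exit("usage: python probe_graphql.py http://host:port  (your own lab target)")
    for path, status, verdict in find_graphql_endpoints(sys.argv[1]):
        print(f"{path:<16} HTTP {status}  {verdict}")
```

Run against a host you administer to confirm that only the endpoints you intend to expose answer as GraphQL; a `graphql-error` verdict on a path you did not know about is worth following up, because the engine is reachable there even though the probe was refused. The classifier deliberately keys on the response shape rather than on the HTTP status, since servers commonly answer a malformed or unauthenticated query with 400 or 401 while still returning a GraphQL-formatted `errors` list.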

The scan revealed two accessible endpoints: