Damn Vulnerable GraphQL Application v2.1.2 releases
Damn Vulnerable GraphQL Application
Damn Vulnerable GraphQL is a deliberately weak and insecure implementation of GraphQL that provides a safe environment to attack a GraphQL application, allowing developers and IT professionals to test for vulnerabilities.
DVGA has numerous flaws, such as Injections, Code Executions, Bypasses, Denial of Service, and more. See the full list under the Scenarios section.
Operation Modes
DVGA supports Beginner and Expert level game modes, which will change the exploitation difficulty.
Scenarios
- Denial of Service
- Batch Query Attack
- Deep Recursion Query Attack
- Resource Intensive Query Attack
- Information Disclosure
- GraphQL Introspection
- GraphiQL Interface
- GraphQL Field Suggestions
- Server Side Request Forgery
- Code Execution
- OS Command Injection #1
- OS Command Injection #2
- Injection
- Stored Cross Site Scripting
- HTML Injection
- Authorization Bypass
- GraphQL Interface Protection Bypass
- GraphQL Query Deny List Bypass
- Miscellaneous
- GraphQL Query Weak Password Protection
- Arbitrary File Write // Path Traversal
Install & Use
Copyright (c) 2020 Exposed Atoms
