# Exploitation - GraphQL

### Overview

`GraphQL` is an open-source data query and manipulation language for APIs. `GraphQL` was developed internally by Facebook in 2012 before being publicly released in 2015. On 7 November 2018, the GraphQL project was moved from Facebook to the newly-established GraphQL Foundation, hosted by the non-profit Linux Foundation.

Whenever a `GraphQL` service receives a query (typically through a `POST` HTTP request to a URL on a web service), the query is first checked to ensure it only refers to the types and fields defined, then run by the service, which in turn interacts with arbitrary code and ultimately retrieves data from a database (or any kind of storage mechanism).

**`GraphQL` syntax**

A simple `GraphQL` query to retrieve the `name` and `age` of a `person` object which has an `id` equal to `3` would look like:

```
{
  person(id: "3") {
    name
    age
  }
}
```

When run by the `GraphQL` service and a potential DataBase Management System (DBMS) service, the query above would produce, for example, the following result:

```
{
  "data": {
    "person": {
      "name": "Smith",
      "age": "35"
    }
  }
}
```

For more information on the `GraphQL` syntax, refer to the official documentation:

```
https://graphql.org/learn/queries/
```

### Information leakage through introspection

```
{"query": "query IntrospectionQuery {__schema {queryType { name },mutationType { name },subscriptionType { name },types {...FullType},directives {name,description,args {...InputValue},onOperation,onFragment,onField}}}\nfragment FullType on __Type {kind,name,description,fields(includeDeprecated: true) {name,description,args {...InputValue},type {...TypeRef},isDeprecated,deprecationReason},inputFields {...InputValue},interfaces {...TypeRef},enumValues(includeDeprecated: true) {name,description,isDeprecated,deprecationReason},possibleTypes {...TypeRef}}\nfragment InputValue on __InputValue {name,description,type { ...TypeRef },defaultValue}\nfragment TypeRef on __Type {kind,name,ofType {kind,name,ofType {kind,name,ofType {kind,name}}}}"}
```
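On the defensive side, requests like the one above can be recognised by their use of the `__schema` or `__type` introspection fields. The following is an added example, not part of the original notes: it flags introspection in GraphQL-over-HTTP JSON bodies while ignoring `__typename` and occurrences inside string arguments or comments. The function names and sample bodies are constructed for illustration.

```python
import json
import re

# Strip block strings, ordinary strings and #-comments so that "__schema"
# inside a string argument or a comment is not counted as a field.
_NOISE = re.compile(r'"""[\s\S]*?"""|"(?:\\.|[^"\\\n])*"|#[^\n]*')
# Introspection entry points; the lookarounds keep __typename from matching.
_META = re.compile(r'(?<![A-Za-z0-9_])(__schema|__type)(?![A-Za-z0-9_])')


def introspection_fields(query_text):
    """Return the sorted introspection root fields used in a GraphQL document."""
    return sorted(set(_META.findall(_NOISE.sub(" ", query_text))))


def inspect_http_body(raw_body):
    """Inspect a JSON request body (single operation or batched array)."""
    try:
        payload = json.loads(raw_body)
    except (ValueError, TypeError):
        return {"parsed": False, "fields": []}
    operations = payload if isinstance(payload, list) else [payload]
    found = set()
    for op in operations:
        if isinstance(op, dict) and isinstance(op.get("query"), str):
            found.update(introspection_fields(op["query"]))
    return {"parsed": True, "fields": sorted(found)}


# Constructed sample request bodies (not captured traffic).
SAMPLES = [
    # Shortened form of the introspection request shown above.
    r'{"query": "query IntrospectionQuery {__schema {queryType { name }}}"}',
    # Ordinary query; __typename alone is not schema introspection.
    r'{"query": "{ person(id: \"3\") { name age __typename } }"}',
    # The keyword only appears inside a string argument.
    r'{"query": "{ person(id: \"__schema\") { name } }"}',
    # Batched request whose second operation uses __type.
    r'[{"query": "{ person(id: \"3\") { name } }"},'
    r' {"query": "{ __type(name: \"Person\") { fields { name } } }"}]',
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(inspect_http_body(body)["fields"], body[:60])
```

A check like this is suited to logging and alerting; disabling introspection in the GraphQL server's own configuration remains the control that prevents the leak.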


