GraphQL Directive Overloading

Vulnerability Information

Vulnerability name: GraphQL Directive Overloading

Vulnerability type: Misconfiguration

Severity: Medium

Description: GraphQL is a query language for APIs and a server-side runtime for executing those queries; it is widely used in modern web and mobile applications for efficient data exchange. GraphQL Directive Overloading is a weakness of a GraphQL server that accepts many duplicated directives in a single query, which can lead to denial of service or resource exhaustion. The root cause is that the server fails to validate and cap the number of directives in a query, so an attacker can submit queries carrying large numbers of repeated directives to consume excessive server resources. The impact is resource exhaustion on the server and, as a result, service unavailability that disrupts normal business operations. Exploitation requires no authentication and can be automated. To prevent such attacks, configure the GraphQL server to limit or reject directive overloading by implementing proper query validation together with rate limiting.

Product: GraphQL

Source: https://github.com/projectdiscovery/nuclei-templates/blob/46e4a8ca471f0d5f6731a156695ae419a7ea8b00/http%2Fmisconfiguration%2Fgraphql%2Fgraphql-directive-overloading.yaml

Type: projectdiscovery/nuclei-templates:github issues

POC Details


id: graphql-directive-overloading

info:
  name: GraphQL Directive Overloading
  author: shamo0
  severity: info
  description: |
    GraphQL directive overloading occurs when multiple duplicated directives are allowed in a single query, potentially leading to denial of service attacks or resource exhaustion.
  impact: |
    An attacker could exploit directive overloading to consume excessive server resources, potentially leading to denial of service conditions.
  remediation: |
    Configure GraphQL server to limit or prevent directive overloading by implementing proper validation and rate limiting.
  reference:
    - https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/12-API_Testing/01-Testing_GraphQL
  metadata:
    verified: true
    max-request: 1
  tags: graphql,dos,misconfig

http:
  - raw:
      - |
        POST /graphql HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {
          "query": "query { __typename @aa @aa @aa @aa @aa @aa @aa @aa @aa @aa }"
        }

    stop-at-first-match: true
    matchers-condition: or
    matchers:
      - type: regex
        part: body
        regex:
          - "\\\"errors\\\":\\s*\\[.*?\\]"
      - type: regex
        part: body
        regex:
          - "\\\"message\\\":\\s*\\\".*?@aa.*?\\\""

    extractors:
      - type: regex
        name: directive_errors
        part: body
        regex:
          - "\\\"errors\\\":\\s*\\[.*?\\]"

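The following is an added example written for this page; it is not code from the nuclei template, from projectdiscovery, or from any GraphQL server. It shows the two sides of the issue described above: it rebuilds the probe query the template sends (ten copies of the unknown directive @aa on one field), implements the remediation the template recommends as a validation step that counts directives per node and per query and rejects the probe before execution, and applies the template's two response matchers to constructed response bodies. The limits MAX_DIRECTIVES_PER_NODE and MAX_DIRECTIVES_PER_QUERY, the tokenizer, and the sample responses are assumptions made for the example; the tokenizer is a simplification that treats every directive as non-repeatable because no schema is available.

```python
import re

# Hypothetical server-side limits for the example; a real deployment
# would tune these to the schema. Not values from the template.
MAX_DIRECTIVES_PER_NODE = 3
MAX_DIRECTIVES_PER_QUERY = 20

# The template's two matchers with the YAML escaping removed.
ERRORS_ARRAY_RE = re.compile(r'"errors":\s*\[.*?\]')
MESSAGE_MENTIONS_AA_RE = re.compile(r'"message":\s*".*?@aa.*?"')


def build_probe(repeat: int, directive: str = "aa") -> str:
    """Build the query the template sends: one field carrying `repeat`
    copies of an (unknown) directive. repeat=10 reproduces the payload."""
    return "query { __typename " + " ".join(f"@{directive}" for _ in range(repeat)) + " }"


# Minimal tokenizer: strings, directives, braces/parens, anything else.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|@[_A-Za-z][_0-9A-Za-z]*|[{}()]|[^\s{}()"@]+')


def count_directives(query: str) -> dict:
    """Count directives per node and in total. A 'node' is whatever precedes
    a run of consecutive directives (field, fragment spread, operation).
    Argument lists such as @include(if: $x) are skipped so they do not
    break the run."""
    tokens = _TOKEN.findall(query)
    total = max_per_node = run = 0
    seen_in_run: dict = {}
    duplicates: dict = {}

    def end_run():
        nonlocal run
        for name, n in seen_in_run.items():
            if n > 1:
                duplicates[name] = max(duplicates.get(name, 0), n)
        seen_in_run.clear()
        run = 0

    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("@"):
            total += 1
            run += 1
            max_per_node = max(max_per_node, run)
            seen_in_run[tok] = seen_in_run.get(tok, 0) + 1
            if i + 1 < len(tokens) and tokens[i + 1] == "(":  # skip arguments
                depth = 0
                while i + 1 < len(tokens):
                    i += 1
                    if tokens[i] == "(":
                        depth += 1
                    elif tokens[i] == ")":
                        depth -= 1
                        if depth == 0:
                            break
        else:
            end_run()
        i += 1
    end_run()
    return {"total": total, "max_per_node": max_per_node, "duplicates": duplicates}


def validate_directives(query: str,
                        max_per_node: int = MAX_DIRECTIVES_PER_NODE,
                        max_total: int = MAX_DIRECTIVES_PER_QUERY) -> list:
    """Return the errors a hardened server would raise before executing
    the query (empty list = accepted). Repeated directives on one location
    are rejected regardless of count, as the GraphQL spec requires for
    non-repeatable directives (assumed here for every directive)."""
    stats = count_directives(query)
    errors = []
    for name, n in stats["duplicates"].items():
        errors.append(f"directive {name} used {n} times on one location")
    if stats["max_per_node"] > max_per_node:
        errors.append(f"{stats['max_per_node']} directives on one node exceeds limit {max_per_node}")
    if stats["total"] > max_total:
        errors.append(f"{stats['total']} directives in query exceeds limit {max_total}")
    return errors


def template_matchers(body: str) -> dict:
    """Apply the template's two matchers to a response body; the template
    reports a finding if either one hits (matchers-condition: or)."""
    return {"errors_array": bool(ERRORS_ARRAY_RE.search(body)),
            "message_mentions_aa": bool(MESSAGE_MENTIONS_AA_RE.search(body))}


if __name__ == "__main__":
    probe = build_probe(10)
    print(probe)
    print(validate_directives(probe))      # hardened server rejects the probe
    benign = 'query($f: Boolean!) { user { id @include(if: $f) name @skip(if: $f) } }'
    print(validate_directives(benign))     # legitimate use of directives passes
    # Constructed response bodies (not captured from any real server).
    rejected = '{"errors":[{"message":"Unknown directive \\"@aa\\"."}]}'
    limited = '{"errors":[{"message":"Too many directives"}]}'
    accepted = '{"data":{"__typename":"Query"}}'
    for body in (rejected, limited, accepted):
        print(template_matchers(body))
```

Note what the matchers actually prove: both a server that merely reports the unknown directive and a server that enforces a directive limit answer with an "errors" array, so a template hit shows a GraphQL endpoint that parsed and validated the probe, not confirmed resource exhaustion. To confirm the denial-of-service condition, compare response times or resource use for increasing values of repeat (for example 10, 1000, 10000) against a baseline query on a system you are authorised to test.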

http://example.com/2025/07/23/github_1206649911/
Author: lianccc
Published: 23 July 2025