# Detection template: sends one GET to the target's root URL and reports a
# match when the response looks like an Apollo Server / Apollo Router landing
# page that references Apollo Sandbox.
id: apollo-sandbox-ui-exposed

info:
  name: Apollo Sandbox UI - Exposed
  author: Hamza Sahin
  # Rated low: a match shows that the developer UI page is served, nothing more.
  # NOTE(review): whether the schema is actually discoverable presumably depends
  # on the server's introspection setting, which this template does not test.
  severity: low
  # The request below cannot tell a production host from a development one;
  # "production" here is a statement about scan scope, so triage each hit
  # against the asset inventory.
  description: |
    Detects the Apollo Sandbox developer interface exposed in production environments, which could facilitate schema discovery or testing by unauthorized users.
  reference:
    - https://www.apollographql.com/docs/studio/sandbox/
  metadata:
    verified: true
    # Matches the single request defined under `http` below.
    max-request: 1
    shodan-query: http.html:"Apollo Sandbox"
  tags: apollo,misconfig,exposure,graphql,vuln

http:
  - method: GET
    # Only the site root is requested; a landing page served from any other
    # path is not covered by this template (possible false negatives).
    path:
      - "{{BaseURL}}/"
    headers:
      # NOTE(review): presumably sent so the server answers with the HTML
      # landing page rather than a GraphQL/JSON response - confirm.
      Accept: text/html

    matchers:
      # All three expressions must hold (`condition: and`):
      #   1. the response status is 200;
      #   2. the body contains the opening of an "Apollo Server" or
      #      "Apollo Router" <title>;
      #   3. the body mentions "Apollo Sandbox" or "apollo.dev".
      # These are plain substring checks on the body, so any page that embeds
      # the same strings would also match.
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_any(body, "<title>Apollo Server", "<title>Apollo Router")'
          - 'contains_any(body, "Apollo Sandbox", "apollo.dev")'
        condition: and
# NOTE(review): the trailing digest looks like the template signature; if so,
# any edit to this file (comments included) needs the template to be re-signed
# before the digest verifies again.
# digest: 4a0a004730450220269337ee3a46c965037b63c9e9e09a3c0ba09af447e0bd4354685c37c8bf5a7b022100843f08e213e56962596b90846e4907d5df14c0c92b31a53e6556a9ee04dfae82:922c64590222798bb761d5b6d8e72950