Using joern to Find GraphQL Authorization Issue

Channel:

Subscribers:

39,500

Published on December 30, 2022 3:15:02 PM ● Video Link: https://www.youtube.com/watch?v=tBon33o2aS4

Duration: 37:47

5,489 views

171

My Shop (advertisement): https://shop.liveoverflow.com/

We explore joern for the first time to write a query that can help us find a GraphQL authorization issue.

Using CodeQL to find the same issue: https://www.youtube.com/watch?v=VrF1RwnJzBk&list=PLGPckJAmiZCR3BIPhpmOL3l0wC6hBCk6W&index=1
Watch the Series: https://www.youtube.com/playlist?list=PLGPckJAmiZCR3BIPhpmOL3l0wC6hBCk6W

joern: https://joern.io/
RedEye Repository: https://github.com/cisagov/RedEye

→ Twitch Subscription: https://www.twitch.tv/products/liveoverflow
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

Chapters:
00:00 - Intro
00:31 - Recap: Research with CodeQL
01:51 - Setting Up joern
07:00 - First Tests with joern
15:31 - Realizing We Can Use Regex
20:06 - TypeScript vs. Transpiled JavaScript
21:25 - decorators in Transpiled JavaScript
35:23 - Building the Query
37:24 - Outro

=[ 📄 Info. ]=

Main Channel: https://youtube.com/@LiveOverflow
Twitch: https://twitch.tv/LiveOverflow

=[ 🐕 Social ]=

→ Twitter: https://twitter.com/LiveOverflow/
→ TikTok: https://www.tiktok.com/@liveoverflow_
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/

=[ 📄 P.S. ]=

#liveoverflow

Other Videos By LiveUnderflow

2023-09-18	Arm®-based Video
2023-09-14	"Remove the video as soon as possible"
2023-09-10	Do Hackers Need To Know Algorithms and Data Structures?
2023-04-14	I Don't Trust Websites! - The Everything API with ChatGPT
2023-03-23	Talking About my Trash Can and Haircut
2023-03-11	Attacking VSCode Extension from Browser? - Live Security Research
2023-03-09	3D Printer Researching Igus Bearings - Prusa i3 MK3S+ (part 3)
2023-03-06	3D Printer Assembly X-axis - Prusa i3 MK3S+ (part 2)
2023-03-04	3D Printer Assembly #ASMR - Prusa i3 MK3S+ (part 1)
2023-01-03	Analytics from 7 Years on YouTube...
2022-12-30	Using joern to Find GraphQL Authorization Issue
2022-12-26	Security Issue Found in US Gov CISA Tool?
2022-12-22	Using CodeQL to Investigate GraphQL Resolvers
2022-12-18	ping Vulnerability Patch Analysis (with #ChatGPT) - CVE-2022-23093
2022-12-08	Can AI Hack Websites with XSS? #ChatGPT
2022-12-05	The Most Difficult Puzzle Game - Dr. Kobushi's Labyrinthine Laboratory
2022-12-02	New Details on Commercial Spyware Vendor Variston - Revisiting Firefox Sandbox Escape
2022-07-16	A group of Minecraft hackers tried to shoot me into space
2022-03-11	Simple AFK Treasure Fish Farm Concept for 1.19 Sculk Sensor
2021-12-18	Log4Shell \| Bug Bounty Public Service Announcement #shorts
2021-12-17	How To Exploit a Heap Overflow

Tags:

liveoverflow

live stream

streaming

electronics

oscilloscope

twitch

live overflow

ctf

it security

cybersecurity

live hacking

joern

static analysis

codeql

security audit

graphql

cpg

cpgql

code review

auth

authorization

authentication

resolver

mutation

query