Github Data Exposure and Accessing Blocked Data using the GraphQL Security Design Flaw
share
This research study was conducted to illustrate how it is easily possible to get data access to disabled or blocked repositories in Github using GraphQL. There are situations in which you can lose access to your Github repositories; When you use the paid version of Github services and do not pay the monthly payment or another situation is that when you use Github from the countries in the United States sanction list. Having an insecure repository with malicious usages can also put your repository in Github blacklist. In all of these situations, Github will block and disable your repository and you will lose access to your files, codes and project assets. Here, we will discuss the procedure of how an Ethical Hacker can gain access to all those blocked data with GraphQL functionality.
READ FULL TEXT