Root Me
Home
Challenges
Web - Server
GraphQL - Backend injection
40 Points
GQLi
Author
apges01
,
19 January 2023
Level
Validations
323 Challengers
1%
Note
1
2
3
4
5
27 Votes
To reach this part of the site please login
1
Solution
Display solutions
Submit a solution
Challenge Results
Pseudo
Challenge
Lang
Date
Bizi
GraphQL - Backend injection
20 January 2023 at 11:22
Nishacid
GraphQL - Backend injection
20 January 2023 at 11:07
nikost
GraphQL - Backend injection
19 January 2023 at 17:02
...
230
240
250
260
270
280
290
300
310
320
92
Challenges
Results
Name
Validations
Number of points
Difficulty
Author
Note
Solution
Date
HTML - Source code
49%
157933
5
g0uZ
5
3 October 2006
HTTP - IP restriction bypass
8%
23996
10
Cyrhades
7
23 March 2021
HTTP - Open redirect
19%
61847
10
Swissky
10
2 August 2017
HTTP - User-agent
24%
78015
10
g0uZ
10
3 October 2006
Weak password
32%
102950
10
g0uZ
7
3 October 2006
PHP - Command injection
19%
61244
10
sambecks
10
20 September 2017
API - Broken Access
1%
1597
15
Nishacid
,
Mika
2
18 January 2024
Backup file
16%
51360
15
g0uZ
10
27 February 2011
HTTP - Directory indexing
23%
72637
15
g0uZ
7
7 October 2006
HTTP - Headers
16%
51197
15
Arod
9
11 January 2015
HTTP - POST
14%
45785
15
Th1b4ud
10
14 August 2018
HTTP - Improper redirect
13%
39800
15
Arod
10
26 November 2014
HTTP - Verb tampering
14%
43427
15
g0uZ
10
3 February 2011
Install files
13%
41164
15
g0uZ
6
7 October 2006
API - Mass Assignment
1%
1111
20
Nishacid
,
Mika
2
18 January 2024
CRLF
10%
29994
20
g0uZ
7
31 July 2011
File upload - Double extensions
11%
32872
20
g0uZ
10
24 December 2012
File upload - MIME type
8%
26204
20
g0uZ
10
26 December 2012
Flask - Unsecure session
1%
1371
20
Sanlokii
1
29 November 2023
GraphQL - Introspection
1%
2825
20
apges01
4
19 January 2023
HTTP - Cookies
14%
42845
20
g0uZ
8
7 October 2006
Insecure Code Management
4%
12564
20
Swissky
6
29 September 2019
JWT - Introduction
5%
15523
20
Kn0wledge
5
21 August 2019
XSS - Server Side
1%
1736
20
Elf
3
23 June 2023
Directory traversal
11%
33239
25
g0uZ
3
31 July 2011
File upload - Null byte
7%
22438
25
g0uZ
4
26 December 2012
JWT - Revoked token
2%
5260
25
ArnC
6
20 March 2020
JWT - Weak secret
4%
10728
25
Jrmbt
6
21 August 2019
JWT - Unsecure File Signature
1%
1520
25
Nishacid
,
Mika
3
23 February 2023
PHP - assert()
5%
14502
25
Birdy42
10
26 November 2016
PHP - Apache configuration
1%
1894
25
erk3
,
nemoz
3
8 July 2022
PHP - Filters
6%
18631
25
g0uZ
3
27 February 2011
PHP - register globals
5%
14995
25
g0uZ
2
8 October 2011
PHP - Remote Xdebug
1%
1354
25
mayfly
4
18 March 2020
Python - Server-side Template Injection Introduction
2%
3822
25
Podalirius
7
7 September 2021
File upload - ZIP
3%
8901
30
ghozt
3
3 August 2017
Flask - Development server
1%
493
30
Sanlokii
1
29 November 2023
GraphQL - Injection
1%
554
30
apges01
2
19 January 2023
Command injection - Filter bypass
3%
7169
30
sambecks
6
20 September 2017
Java - Server-side Template Injection
4%
10022
30
righettod
6
29 November 2015
JWT - Public key
2%
3455
30
Jrmbt
5
21 August 2019
JWT - Header Injection
1%
860
30
Nishacid
,
Mika
2
23 February 2023
Local File Inclusion
8%
24237
30
g0uZ
4
2 October 2011
Local File Inclusion - Double encoding
4%
12139
30
zM_
4
13 June 2016
Node - Eval
1%
2584
30
Mhd_Root
7
24 February 2021
PHP - Loose Comparison
3%
6856
30
ghozt
4
10 January 2018
PHP - preg_replace()
3%
8626
30
sambecks
4
2 March 2016
PHP - type juggling
3%
8438
30
vic
4
10 March 2016
Remote File Inclusion
4%
11197
30
g0uZ
8
25 November 2015
SQL injection - Authentication
14%
43028
30
g0uZ
11
27 February 2011
SQL injection - Authentication - GBK
3%
9028
30
dvor4x
4
2 December 2015
SQL injection - String
7%
20389
30
g0uZ
10
24 December 2012
XSLT - Code execution
2%
3507
30
ghozt
5
16 July 2017
Elixir - EEx
1%
151
35
lolo42
1
29 November 2023
JWT - Unsecure Key Handling
1%
584
35
Nishacid
,
Mika
5
23 February 2023
LDAP injection - Authentication
3%
9766
35
g0uZ
8
26 May 2013
Node - Serialize
1%
1138
35
Mhd_Root
2
24 February 2021
NoSQL injection - Authentication
3%
7319
35
mastho
8
31 May 2015
PHP - Path Truncation
2%
5190
35
Geluchat
6
25 March 2015
PHP - Serialization
2%
6454
35
Arod
3
3 February 2014
SQL injection - Numeric
5%
14009
35
g0uZ
7
24 December 2012
SQL Injection - Routed
2%
4935
35
soka
5
24 December 2016
SQL Truncation
2%
6256
35
Geluchat
2
1 May 2015
XML External Entity
2%
5233
35
sambecks
2
20 October 2014
XPath injection - Authentication
2%
6287
35
g0uZ
6
27 December 2012
Yaml - Deserialization
1%
1239
35
Nishacid
2
20 April 2021
API - Broken Access 2
1%
66
40
Nishacid
,
Mika
1
18 January 2024
GraphQL - Backend injection
1%
323
40
apges01
1
19 January 2023
GraphQL - Mutation
1%
1457
40
CanardMandarin
2
20 October 2020
Java - Spring Boot
1%
2221
40
dvor4x
3
24 December 2016
Local File Inclusion - Wrappers
2%
3432
40
sambecks
4
2 March 2016
PHP - Eval
2%
3375
40
chmod
10
8 November 2018
PHP - Eval - Advanced filters bypass
1%
510
40
Podalirius
2
8 July 2022
SQL injection - Error
3%
7164
40
sambecks
5
4 March 2015
SQL injection - Insert
1%
2992
40
sambecks
4
23 February 2015
SQL injection - File reading
2%
5722
40
Arod
3
19 October 2014
XPath injection - String
2%
3713
40
g0uZ
5
26 May 2013
File upload - Polyglot
1%
378
45
Cyxo
1
8 July 2022
NodeJS - Prototype Pollution Bypass
1%
444
45
Worty
1
22 October 2021
NoSQL injection - Blind
1%
2789
45
ghozt
6
26 November 2016
SQL injection - Time based
2%
5317
45
ycam
4
11 September 2015
Java - Custom gadget deserialization
1%
46
50
Elweth
0
28 December 2023
NodeJS - vm escape
1%
673
50
Podalirius
1
15 April 2021
Server Side Request Forgery
1%
1717
50
sambecks
7
22 June 2018
SQL injection - Blind
3%
7146
50
g0uZ
6
27 February 2011
LDAP injection - Blind
1%
3213
55
g0uZ
2
8 June 2013
PHP - Unserialize overflow
1%
712
55
mayfly
2
4 April 2020
PHP - Unserialize Pop Chain
1%
566
55
Worty
2
22 October 2021
SQL Injection Second Order
1%
119
55
k4ndar3c
1
29 November 2023
Python - Blind SSTI Filters Bypass
1%
549
75
Podalirius
5
7 September 2021
XPath injection - Blind
1%
2181
75
g0uZ
5
27 December 2012
SQL injection - Filter bypass
1%
2502
80
sambecks
7
21 July 2014