W-GRAPHQL-AUTHZDiscovery

GraphQL Field-Level AuthZ Gaps

Top-level resolver checks auth; nested fields don't — query around the check via aliasing / unions.

§ Where this technique fits

W-GRAPHQL-AUTHZ is catalogued under the Discovery tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 4 on average.

§ Dossiers chaining this technique

GraphQL introspection → BOLA → mass enum
GraphQL endpoint exposes its full schema. Discover an unauth'd or under-authorized resolver, enumerate every user's data by iterating IDs.
step 4 / 6

§ What commonly comes next

01
Broken Object Level Authorization (API BOLA)
W-BOLA · Privilege Escalation
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

GraphQL introspection → BOLA → mass enum

§ What commonly comes next