doyensec / inql

InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.
https://doyensec.com/
Apache License 2.0

Discard Report for 'Exposed GraphQL Development Console' if response is 404 #43

Closed notdodo closed 2 years ago

notdodo commented 3 years ago

Describe the bug: Do not report an 'Exposed GraphQL Development Console' low issue in Burp if the server responds with a 404.

To Reproduce: Steps to reproduce the behavior:

  1. Go to any website
  2. Request to /graphiql
  3. See error on Burp even if the server responds with a 404

Expected behavior: Do not report the issue.

Screenshots

Request: Screenshot_20210927_110704

Response: Screenshot_20210927_110737

Issue: Screenshot_20210927_110854

Desktop (please complete the following information):
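The behaviour the report asks for is a status-code gate in front of the finding: a probe for a development console should only become an issue when the server actually served a page, never on a 404. The following is an added illustration of that gate, not InQL's own code; the `Response` type, the `should_report_dev_console` function and the console marker strings are assumptions chosen for the example, and the sample responses are constructed, not captured from any real server.

```python
from dataclasses import dataclass

# Assumption: strings a served console page typically contains. The marker
# check is a second filter on top of the status-code gate the issue asks for.
CONSOLE_MARKERS = ("graphiql", "graphql playground", "graphql-playground")


@dataclass
class Response:
    """Minimal stand-in for an HTTP response (hypothetical type)."""
    status: int
    body: str


def should_report_dev_console(resp: Response) -> bool:
    """Return True only when the probe response plausibly is a served console.

    A 404 (or any other non-2xx status) is never a finding, regardless of body
    content, so a scanner using this gate cannot raise the false positive
    described in the report.
    """
    if not 200 <= resp.status < 300:
        return False
    body = resp.body.lower()
    return any(marker in body for marker in CONSOLE_MARKERS)


def triage(responses: dict) -> list:
    """Return the probed paths that would be reported as findings."""
    return [path for path, resp in responses.items() if should_report_dev_console(resp)]


# Constructed sample probe results for several common console paths.
SAMPLE_RESPONSES = {
    "/graphiql": Response(404, "<html><title>Not Found</title></html>"),
    "/playground": Response(200, "<html><title>GraphQL Playground</title></html>"),
    "/graphql": Response(200, '{"errors":[{"message":"Must provide query string."}]}'),
    "/console": Response(500, "internal server error"),
}

if __name__ == "__main__":
    # Only /playground is reported; the 404 on /graphiql is discarded.
    print(triage(SAMPLE_RESPONSES))
```

The status check runs first so that an error page that happens to mention "GraphiQL" in its text (a 404 template, say) still does not become a finding; the body check then keeps a plain JSON API endpoint that answered 200 from being misreported as a console.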

execveat commented 2 years ago

404 and other useless status codes are filtered properly and don't produce false positive findings.