{"uuid": "b2f7bc06-2c6f-454d-9c4c-72dc4e52a646", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14343", "type": "seen", "source": "https://t.me/STUFFuckthesystem/1167", "content": "\u26a0\ufe0f Graphql Exploitation \u26a0\ufe0f\n\nUnderstanding Graphql &amp; Enumeration of Graphql Schema\n\nhttps://payatu.com/blog/manmeet/graphql-exploitation-part-1\n\nUnauthorized Execution of Queries\n\nhttps://payatu.com/blog/manmeet/graphql-exploitation-part-2\n\nInjection attacks and XSS attacks\n\nhttps://payatu.com/blog/manmeet/graphql-exploitation-part-3\n\nResource Exhaustion (DOS)\n\nhttps://payatu.com/blog/manmeet/graphql-exploitation-part-4\n\nOffensive security\n\n1. Template-Driven AV/EDR Evasion Framework\n\nhttps://github.com/klezVirus/inceptor#installation\n\n2. A script that monitors and extracts requested URLs/clients connected to the service by exploiting publicly accessible Apache server-status instances\n\nhttps://github.com/mazen160/server-status_PWN\n\n3. Exploit Experimenting with the CVE-2020-14343 PyYAML vulnerability\n\nhttps://github.com/raul23/pyyaml-CVE-2020-14343\n\n4. Red Team Tactics\nRed Team Attack Lab for TTP testing &amp; research\n\nhttps://github.com/Marshall-Hallenbeck/red_team_attack_lab", "creation_timestamp": "2026-06-28T00:00:08.587000Z"}