GraphQL RCE: The Kill Chain to Cloud Identity…!


A bug bounty writeup detailing a full kill chain from a GraphQL endpoint to Google Cloud identity compromise. Starting with GraphQL introspection to enumerate workspace and app IDs, the attacker exploited a custom Python function feature by injecting payloads via the `createUserDefinedFunction` mutation. The sandbox escape was possible because the server's `exec()` call omitted `__builtins__: {}`, allowing `__import__` to work freely. From there, the attacker read source code via subprocess, performed SSRF to the GCP metadata service at 169.254.169.254, and exfiltrated a signed OIDC JWT for the production service account — achieving full cloud identity takeover. Remediation advice includes strict sandboxing with empty builtins, firewalling the metadata IP, and using micro-VM isolation like Firecracker or gVisor.
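To make the sandbox defect concrete, the following is an added illustration (not code from the writeup or the affected service) of the weak `exec()` setting beside the corrected one, plus the pre-execution screen a reviewer would want in front of it. The UDF bodies and the `SAFE_BUILTINS` allowlist are constructed for this example; the point it demonstrates is that without a `__builtins__` entry in the `exec()` globals, `__import__` resolves for any user-supplied code, and that supplying a minimal allowlisted builtins dict makes the same lookup fail. A second layer, `static_screen`, rejects import statements and any dunder name or attribute before the code ever reaches `exec()`.

```python
"""Added example: restricting builtins for exec()-based user-defined functions.

Not the writeup's code. The UDF strings below are constructed inputs that each
set ``result`` from a caller-supplied ``values`` list.
"""
import ast
import builtins
from typing import Optional

# Constructed sample UDF bodies.
BENIGN_UDF = "result = sum(x * x for x in values)"
# Harmless stand-in for the __import__ probe the writeup describes: importing
# ``math`` shows whether the name resolves at all.
IMPORT_UDF = "result = __import__('math').sqrt(values[0])"
DUNDER_ATTR_UDF = "result = values[0].__class__"

# Assumed allowlist of builtins a numeric UDF may need. __import__, open, eval
# and exec are simply absent from this namespace.
SAFE_BUILTINS = {
    name: getattr(builtins, name)
    for name in ("abs", "len", "max", "min", "range", "round", "sum")
}


def run_udf(source: str, values: list, restrict_builtins: bool):
    """Run a UDF body and return its ``result``.

    restrict_builtins=False reproduces the defect: exec() fills in the full
    builtins module, so ``__import__`` resolves. restrict_builtins=True puts
    the allowlist dict under ``__builtins__`` and the same lookup raises
    NameError.
    """
    env = {"values": list(values)}
    if restrict_builtins:
        env["__builtins__"] = dict(SAFE_BUILTINS)
    exec(source, env)
    return env.get("result")


def blocked_by_builtins(source: str, values: list) -> bool:
    """True if the UDF fails with NameError under the restricted namespace."""
    try:
        run_udf(source, values, restrict_builtins=True)
    except NameError:
        return True
    return False


def static_screen(source: str) -> Optional[str]:
    """Return a rejection reason, or None if the AST carries no import
    statement and no dunder name or attribute access."""
    try:
        tree = ast.parse(source, mode="exec")
    except SyntaxError as exc:
        return f"syntax error: {exc.msg}"
    for node in ast.walk(tree):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            return "import statement"
        if isinstance(node, ast.Name) and node.id.startswith("__"):
            return f"dunder name: {node.id}"
        if isinstance(node, ast.Attribute) and node.attr.startswith("__"):
            return f"dunder attribute: {node.attr}"
    return None


def guarded_run_udf(source: str, values: list):
    """Screen first, then execute with the restricted builtins only."""
    reason = static_screen(source)
    if reason is not None:
        raise ValueError(f"UDF rejected: {reason}")
    return run_udf(source, values, restrict_builtins=True)


if __name__ == "__main__":
    print("benign, restricted:", guarded_run_udf(BENIGN_UDF, [1, 2, 3]))
    print("import probe, unrestricted:", run_udf(IMPORT_UDF, [16.0], False))
    print("import probe blocked by builtins:", blocked_by_builtins(IMPORT_UDF, [16.0]))
    print("import probe screen:", static_screen(IMPORT_UDF))
    print("dunder attribute screen:", static_screen(DUNDER_ATTR_UDF))
```

Both layers are defence in depth, not a boundary: CPython's `exec()` was never designed as a security sandbox, and an in-process restriction can be bypassed by code that reaches object internals through ordinary attribute access. That is why the writeup's remediation pairs the empty-builtins fix with firewalling the metadata IP and moving execution into a micro-VM such as Firecracker or gVisor.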

5m read time. From infosecwriteups.com