PostgreSQL Database Exfiltration through the abuse of PostgREST requests
Proof of Concept (PoC) for a web application vulnerability discovered within one of Hackrate’s private Bug Bounty Programs (BBP). The vulnerability allowed exfiltration of the database by abusing application requests related to the external component PostgREST, which was used as a standalone web server and as an alternative to manual CRUD programming.
Full write-up available at: https://blog.hckrt.com/blog/thisclosed_2/