PostgreSQL Database Exfiltration through the abuse of PostgREST requests




Proof-of-Concept (PoC) of a web application vulnerability discovered within one of Hackrate’s private Bug Bounty Programs (BBP). The vulnerability allowed exfiltration of the database by abusing application requests related to the use of PostgREST, an external component used as a standalone web server and as an alternative to manual CRUD programming.

Full write-up available at: https://blog.hckrt.com/blog/thisclosed_2/