TL;DR

kyrux@labs
$ exploit --chain graphql-batching --target /graphql --rate-limit nginx

Kill Chain

  1. Recon: identify /graphql + 2FA gate (note)
  2. Barrier: nginx rate limit, 20 req/min (blocked)
  3. Technique: GraphQL batching via aliases (bypass)
  4. Exploit: OTP brute-force inside 5 requests (owned)
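
A limit that counts HTTP requests, like the nginx rule in step 2, sees one request however many aliased fields it carries. The sketch here is an added example, not code from the original write-up: it charges a budget per sensitive field instead, and also covers JSON array batches, which goes beyond the alias case named in the chain. The field name `verifyOtp`, the budget of 5 and the 60-second window are assumptions.

```python
import re

SENSITIVE_FIELDS = {"verifyOtp"}  # hypothetical field name, not from the page
# String literals and comments are blanked so a name inside an argument value is ignored.
_NOISE = re.compile(r'"""[\s\S]*?"""|"(?:\\.|[^"\\\n])*"|#[^\n]*')
_NAME = re.compile(r"[_A-Za-z][_0-9A-Za-z]*")

# Constructed sample: one HTTP request body carrying three aliased OTP checks.
SAMPLE_ALIASED = {"query": '''mutation {
  a1: verifyOtp(code: "000001") { ok }
  a2: verifyOtp(code: "000002") { ok }
  a3: verifyOtp(code: "000003") { ok }
}'''}


def count_attempts(body):
    """Count sensitive-field occurrences in one HTTP body (dict, or list for array batches)."""
    operations = body if isinstance(body, list) else [body]
    total = 0
    for op in operations:
        query = op.get("query") if isinstance(op, dict) else None
        cleaned = _NOISE.sub(" ", query or "")
        total += sum(1 for name in _NAME.findall(cleaned) if name in SENSITIVE_FIELDS)
    return total


class AttemptLimiter:
    """Fixed-window budget charged per sensitive field, not per HTTP request."""

    def __init__(self, budget=5, window_s=60):  # assumed values
        self.budget, self.window_s = budget, window_s
        self._state = {}  # client_id -> (window_start, attempts_used)

    def allow(self, client_id, body, now):
        start, used = self._state.get(client_id, (now, 0))
        if now - start >= self.window_s:  # window expired, start a new one
            start, used = now, 0
        cost = count_attempts(body)
        allowed = used + cost <= self.budget
        self._state[client_id] = (start, used + cost if allowed else used)
        return allowed
```

The count is deliberately conservative: any token equal to a sensitive name is charged, so it can overcount but does not rely on tracking query structure. A server that already parses the document can take the same count from its AST.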