Najam Ul Saqib's Blog

 This CTF like the previous one too has some mutations in it so likely we have to play with mutations. It's always a good idea to give introspection query a try with GraphQL voyager which retrieved following result: We can see something different in this graph i.e attachments. That being said lets explore the documentation to carve a query that returns all the data available on the endpoint query { user { edges { node { id username bugs { edges { node { id private reporterId attachments { edges { node { id bugId filename } } } } } } } } } } This query returns all the data as follows.

 This is the second CTF on Hacker 101 related to GraphQL. Let's dive into it. Learning the trend from previous CTF i.e BugDB v1 I didn't dive into the introspection query graph straightaway this time rather I opened the docs of this GraphQL endpoint which showed that this time we have the feature of mutation as well which means that we can post/modify data on the server. Interesting.   Alright, Let's follow the trend and read the docs further in Query   We can query for user, find user/bug and also all bugs and all users as well. Let's carve a query out of it that queries most of the data if not all out of the endpoint

In this post, I will be taking you through one of the CTFs on HackerOne named "BugDB v1". This CTF is focused on the basic concept of GraphQL APIs and how they works. Let's start. When you open this CTF, a minimal page opens up having a hyper link to GraphiQL