Breach (GraphQL)
Lab can be found at: https://webverselabs-pro.com/

This was a cool challenge. Man, I love GraphQL stuff. So, I browsed to the lab which was called Breach:

In the background, there was a POST to a GraphQL endpoint. Time to dig into it.
Now here is something we should all be aware of. When a field takes an argument, the argument goes in regular brackets (parentheses) right after the field name. In the example below, the notes field takes an argument called “includePrivate”. We can see this is set to false. The syntax is:
notes(includePrivate:false)

So now, we can try introspection and get a response with the schema. Note that the response shows the flag takes an arg called “debug”. You can guess where this is going, right?

If we scroll up slightly in the schema, we can see Flag has 3 fields: id, value and accessLevel.

So let's look at what happens if we try to view the value field of the flag. We get an error:

Well, remember the flag field also took an arg called debug? Let’s try making that true and sending that over:

As you can see, we get the flag.
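
If you own a schema like this one, the same introspection output can be audited for client-controlled toggles before anyone else finds them. The script below is an added example, not part of the lab or its code: the introspection JSON is a constructed sample shaped like the schema above (placing notes and flag on a Query root type, the Boolean argument types and the return types are assumptions), and RISKY_HINTS is a hypothetical review list.

```python
import json

# Constructed sample: a trimmed introspection result shaped like the schema in
# this write-up. Field and argument names come from the post; the Query root,
# the Boolean argument types and the return types are assumptions.
SAMPLE_INTROSPECTION = json.loads("""
{"data": {"__schema": {"types": [
  {"kind": "OBJECT", "name": "Query", "fields": [
    {"name": "notes",
     "args": [{"name": "includePrivate",
               "type": {"kind": "SCALAR", "name": "Boolean", "ofType": null}}],
     "type": {"kind": "LIST", "name": null,
              "ofType": {"kind": "OBJECT", "name": "Note", "ofType": null}}},
    {"name": "flag",
     "args": [{"name": "debug",
               "type": {"kind": "SCALAR", "name": "Boolean", "ofType": null}}],
     "type": {"kind": "OBJECT", "name": "Flag", "ofType": null}}]},
  {"kind": "OBJECT", "name": "Flag", "fields": [
    {"name": "id", "args": [], "type": {"kind": "SCALAR", "name": "ID", "ofType": null}},
    {"name": "value", "args": [], "type": {"kind": "SCALAR", "name": "String", "ofType": null}},
    {"name": "accessLevel", "args": [], "type": {"kind": "SCALAR", "name": "String", "ofType": null}}]}
]}}}
""")

# Hypothetical review list: name fragments that suggest a client-supplied access toggle.
RISKY_HINTS = ("debug", "private", "admin", "internal", "bypass")

def named_type(t):
    """Unwrap NON_NULL / LIST wrappers to the underlying named type."""
    while t.get("ofType"):
        t = t["ofType"]
    return t["name"]

def audit_toggle_args(introspection):
    """Return (Type.field, arg, arg type) for Boolean args with risky names."""
    findings = []
    for typ in introspection["data"]["__schema"]["types"]:
        if typ["name"].startswith("__"):
            continue  # skip introspection meta-types
        for field in typ.get("fields") or []:
            for arg in field.get("args") or []:
                if (named_type(arg["type"]) == "Boolean"
                        and any(h in arg["name"].lower() for h in RISKY_HINTS)):
                    findings.append((f'{typ["name"]}.{field["name"]}', arg["name"], "Boolean"))
    return findings

if __name__ == "__main__":
    for where, arg, kind in audit_toggle_args(SAMPLE_INTROSPECTION):
        print(f"review resolver: {where}({arg}: {kind}) must enforce auth server-side")
```

Every hit is a resolver to read by hand: the access decision has to come from the authenticated session, never from the value of the argument.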
Thanks for following along!