Hacking GraphQL : Hacker101 CTF BugDB v2

Hacker 101 CTF for Beginner Level GraphQL Hacking

https://graphql.org/

Introduction

This article is in continuation of the first article that you can find here: https://0xsanz.medium.com/hacking-graphql-hacker101-ctf-bugdb-v1-b0d2365814d1

Please read that article first and then follow along.

So go ahead and start the challenge number 2 in GraphQL series from Hacker 101 CTF

Run the Introspection query again and check the schema:

Supported queries

Here we can see that allBugs is bit different then from Level 1. Let’s query allUsers:

allUsers query — 1

So we have username admin and victim.Lets query further using allBugs: