Hacking GraphQL : Hacker101 CTF BugDB v2

Hacker 101 CTF for Beginner Level GraphQL Hacking

0xsanz
2 min readOct 16, 2022
https://graphql.org/

Introduction

This article is in continuation of the first article that you can find here: https://0xsanz.medium.com/hacking-graphql-hacker101-ctf-bugdb-v1-b0d2365814d1

Please read that article first and then follow along.

So go ahead and start the challenge number 2 in GraphQL series from Hacker 101 CTF

Run the Introspection query again and check the schema:

Supported queries

Here we can see that allBugs is bit different then from Level 1. Let’s query allUsers:

allUsers query — 1

So we have username admin and victim.Lets query further using allBugs:

--

--

0xsanz
0xsanz

Written by 0xsanz

Software Developer having keen interest in Security, Privacy and Pen-testing. Certs:- Security+,PenTest+,AZ900,AZ204,AZ500