BugDB Series on Hacker101CTF

Before all

Both challenges are about GraphQL, and I just used the corresponding tools Burp Suite provides to solve them!


Reference (PortSwigger): https://portswigger.net/web-security/graphql

BugDB v1

introspection

Introspection is the step for discovering the schema.
Type something into the query and send it; then, in the HTTP history (in Burp Suite), right-click that request and send it to Repeater.
In the request pane, switch to the GraphQL view and set an IntrospectionQuery.

Next, send it to the site map; every query the API supports then shows up under the Target tab!


Finally, I chose a query, sent it to Repeater, removed all the variable parameters, and dumped all the “allBugs” data!


BugDB v2

introspection

Same as I did above, but this time there’s a mutation available!

Also, if I query “allBugs” directly the way I did before, only an admin report comes back, not the victim’s.

mutation

A mutation is an operation used for making changes to data.
Furthermore, there’s a “private” parameter in the extracted data.

So, to solve this challenge, just change the “private” value of the bug with id=2 to “true” through a mutation!

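Burp's site map does the schema listing used in both the v1 and v2 introspection steps automatically; as an added example that is not part of this writeup, the Python below does the same over a constructed introspection response, printing each query and mutation with its argument types so that the “private” argument on the mutation stands out. The schema it parses (the names allBugs, modifyBug, ModifyBugPayload) is an assumption modelled on the challenge, not its real introspection output.

```python
import json

# Constructed introspection response (assumption: a BugDB-like schema, not the
# challenge's real one): one query, allBugs, and one mutation, modifyBug.
SAMPLE_RESPONSE = json.loads("""
{"data": {"__schema": {
  "queryType": {"name": "Query"}, "mutationType": {"name": "Mutation"},
  "types": [
    {"name": "Query", "kind": "OBJECT", "fields": [
      {"name": "allBugs", "args": [],
       "type": {"kind": "LIST", "name": null,
                "ofType": {"kind": "OBJECT", "name": "Bug", "ofType": null}}}]},
    {"name": "Mutation", "kind": "OBJECT", "fields": [
      {"name": "modifyBug", "args": [
        {"name": "id", "type": {"kind": "NON_NULL", "name": null,
           "ofType": {"kind": "SCALAR", "name": "Int", "ofType": null}}},
        {"name": "private", "type": {"kind": "SCALAR", "name": "Boolean", "ofType": null}}],
       "type": {"kind": "OBJECT", "name": "ModifyBugPayload", "ofType": null}}]},
    {"name": "Bug", "kind": "OBJECT", "fields": [
      {"name": "id", "args": [], "type": {"kind": "SCALAR", "name": "Int", "ofType": null}},
      {"name": "private", "args": [], "type": {"kind": "SCALAR", "name": "Boolean", "ofType": null}}]}
  ]}}}
""")

def type_name(t):
    """Render a possibly wrapped type reference in GraphQL syntax, e.g. [Int]!."""
    if t["kind"] == "NON_NULL":
        return type_name(t["ofType"]) + "!"
    if t["kind"] == "LIST":
        return "[" + type_name(t["ofType"]) + "]"
    return t["name"]

def root_fields(schema, root):
    """Map each field of a root type (queryType or mutationType) to a signature
    such as 'modifyBug(id: Int!, private: Boolean): ModifyBugPayload'."""
    root_name = (schema.get(root) or {}).get("name")  # mutationType may be null
    if root_name is None:
        return {}
    types = {t["name"]: t for t in schema["types"]}
    out = {}
    for f in types[root_name].get("fields") or []:
        args = ", ".join(f"{a['name']}: {type_name(a['type'])}" for a in f["args"])
        sig = f["name"] + (f"({args})" if args else "")
        out[f["name"]] = f"{sig}: {type_name(f['type'])}"
    return out

def list_operations(response):
    """Return {'queries': {...}, 'mutations': {...}} from a raw introspection reply."""
    schema = response["data"]["__schema"]
    return {"queries": root_fields(schema, "queryType"),
            "mutations": root_fields(schema, "mutationType")}

if __name__ == "__main__":
    for kind, ops in list_operations(SAMPLE_RESPONSE).items():
        print(kind, *("  " + s for s in ops.values()), sep="\n")
```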

P.S. Just remember: DO NOT change the text value LOL.