NoteQL

Challenge: NoteQL

Category: Web

The application is a note-taking application that uses GraphQL to save and fetch notes. I forgot to screenshots the main page of the challenge but our goal is to get the Hidden/Admin Notes.

I use Burpsuite to observe the GraphQL request and response.

The default query is:

{“query” : “{ MyNotes {id, title, completed}}”}

I tried to change the MyNotes to Notes (guess), but I found an interesting response. Notes do not exist, but the response suggests other Notes, such as Note, MyNotes, and AllNotes.

I change the query into AllNotes, then I found the flag at id:3, title: HTB{n0b0dy_c0ntr0ls_m3!!}

PreviousTime Next🖥 ROOTCON RECOVERY MODE

Last updated 1 year ago