The Breach challenge on WebVerse Labs exposes a GraphQL API backing a notes application. The notes are visible in the UI, but a GraphQL schema often has surfaces the front-end never touches. Map what's really there, and find a way to reach the flag.
Objective: Query the `flag` field requesting the `value` sub-field without any arguments and observe the server's response.
Context: Introspection revealed a `flag` field with a `debug` argument, and a `Flag` type with `id`, `value`, and `accessLevel` fields. Before exploiting the debug argument, first observe what happens when you query the flag field normally.
Only reveal the ones you need. Claude tracks how many you used to calibrate the feedback.
Try building a simple GraphQL query that requests the `value` field from `flag`, just like you would query `notes`. Send it to the same endpoint.
Construct a basic GraphQL query for the `flag` object and request its `value` field. Observe whether access is denied or an error is returned.
Send this query:
```json
{"query":"{ flag { value } }"}
```
Note the error response returned — this tells you the plain query is blocked.