The Breach challenge on WebVerse Labs exposes a GraphQL API backing a notes application. The notes are visible in the UI, but a GraphQL schema often has surfaces the front-end never touches. Map what's really there, and find a way to reach the flag.
Objetivo: Pass `debug:true` as an argument to the `flag` field and retrieve the flag value along with its other fields.
Contexto: Querying `flag { value }` without arguments results in an error. Introspection revealed that the `flag` field accepts a `debug` boolean argument — similar to how `notes` accepts `includePrivate`. The naming strongly implies that setting `debug: true` may unlock access to the flag value.
Revela solo las que necesites. Claude lleva la cuenta de cuántas usaste para calibrar la retroalimentación.
You already know that GraphQL fields can take arguments in parentheses. Think about what argument the `flag` field accepts and what value might unlock it.
The `flag` field accepts a `debug` boolean argument, just like `notes` accepts `includePrivate`. Try passing `debug:true` to the flag query the same way `includePrivate:false` was passed to notes.
Send this query:
```json
{"query":"{ flag(debug:true) { id value accessLevel } }"}
```
This should bypass the access restriction and return the flag.
Chatea con un tutor anti-spoiler para este paso. Usa solo la especificación de este lab y empieza por la pista más pequeña que sirva.
Cuéntale qué probaste, dónde te atoraste, o pega la respuesta/error que estás viendo.
¿Te gusta Hintru? Buy me a coffee ☕ ☕