Peek a QL

Category: Web Exploitation
Points: 50
Tags:

I got a web service; it is just a web blog with a login and register page. I tried registering and logging in, and there are many blogs there, so I decided to look at the source code.

As you can see, there is a path to the js directory: auth.js, posts.js, and router.js. I checked auth.js first, and there is an API_URL for GraphQL, so I went there

but…

So yeah, let's just use curl then.

As you can see, we can leak the username and password based on their posts!!

And if you filter for admin, there is an admin username with password gp1t3whb. Try logging in with those creds, and you will see the flag.

Peek a QL Flag: Breach{0n3_0f_c0nw4y5_7ur1n6_c0mpl373_w0nd3r5}
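
The leak works because a password field on the author object is reachable from the public posts query. As an added example (not part of the original write-up or the challenge's code), the check below walks a schema from the Query root and reports every field path that ends in a sensitive name, so it can run in CI before a schema ships. The SDL is constructed to match the response shape described above, since the real schema is not shown, and SAMPLE_SDL, SENSITIVE, parseTypes and findExposedPaths are hypothetical names.

```javascript
// Constructed schema mirroring the posts -> author -> password shape from the write-up.
const SAMPLE_SDL = `
type Query { posts: [Post!]! }
type Post { id: ID! title: String content: String author: User }
type User { id: ID! username: String password: String }
`;

// Field names that should never be selectable by API clients (assumed list).
const SENSITIVE = /^(password|passwd|secret|token|api_?key)$/i;

// Parse a minimal SDL subset: "type Name { field: Type ... }",
// without arguments, directives, interfaces or unions.
function parseTypes(sdl) {
  const types = {};
  for (const m of sdl.matchAll(/type\s+(\w+)\s*\{([^}]*)\}/g)) {
    const fields = {};
    for (const f of m[2].matchAll(/(\w+)\s*:\s*([\[\]!\w]+)/g)) {
      fields[f[1]] = f[2].replace(/[\[\]!]/g, ""); // unwrap list and non-null
    }
    types[m[1]] = fields;
  }
  return types;
}

// Depth-first walk from the root type; returns dotted paths to sensitive fields.
function findExposedPaths(sdl, root = "Query") {
  const types = parseTypes(sdl);
  const hits = [];
  const walk = (typeName, path, seen) => {
    if (!types[typeName] || seen.has(typeName)) return; // scalar or cycle
    const next = new Set(seen).add(typeName);
    for (const [field, target] of Object.entries(types[typeName])) {
      const p = [...path, field];
      if (SENSITIVE.test(field)) hits.push(p.join("."));
      walk(target, p, next);
    }
  };
  walk(root, [], new Set());
  return hits;
}

console.log(findExposedPaths(SAMPLE_SDL));
```

An empty result after removing the field from the User type confirms that no query path can select it any more; filtering it in the client or the UI does not change what the API returns.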