Rating:

well see other writeups to get the idea of the chall.

i over engineered the problem. never heard of AQL or whatsoever and didnt even google the errors to see what the backend was looking for. so my payload was:

' || u.user like "%" let meh = (for name IN ATTRIBUTES(u) RETURN { name: name, value: name == "role"? "admin" : u[name]}) RETURN ZIP(meh[*].name, meh[*].value)%0a//


so i thought we had to give a valid user object back - so what this paylaod basicly does is, taking every property of the user and zip it back into one object, and only modify the u.role to "admin" on the fly.

¯\\\_(ツ)_/¯