The blog page for this lab contains a hidden blog post that has a secret password. To solve the lab, find the hidden blog post and enter the password.
Learn more about Working with GraphQL in Burp Suite.
Open Burp Suite and visit the web application.
Click on any blog post and send the request to Repeater.
Again on the same blog post, right-click -> Extensions -> InQL -> Generate queries with InQL scanner.
In the InQL tab, expand the queries section and click getBlogPost.graphql.
You should see a postPassword field.
In the Repeater tab, change the id variable to 3 in the Variables window and add a new field called postPassword in the Query window.
Send the request to get the secret password.
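The steps above work because the hidden post is only left out of the listing, while the resolver still returns any post id and any schema field to any caller. The following added example (not the lab's code) models that resolver next to a hardened one; the data, the `isPrivate` flag, the `viewer_is_admin` parameter and all function names are assumptions made for illustration.

```python
# Added example: constructed data and hypothetical names, not the lab's code.
POSTS = {
    1: {"id": 1, "title": "Post one", "isPrivate": False, "postPassword": None},
    2: {"id": 2, "title": "Post two", "isPrivate": False, "postPassword": None},
    3: {"id": 3, "title": "Hidden", "isPrivate": True,
        "postPassword": "constructed-secret"},
}
SENSITIVE_FIELDS = {"postPassword"}  # fields that need an explicit grant


def list_posts():
    """Listing resolver: leaves private posts out of the blog page."""
    return [p["id"] for p in POSTS.values() if not p["isPrivate"]]


def get_post_weak(post_id, fields):
    """Flawed resolver: any id and any schema field goes to any caller."""
    post = POSTS.get(post_id)
    return None if post is None else {f: post[f] for f in fields}


def get_post_hardened(post_id, fields, viewer_is_admin=False):
    """Hardened resolver: object-level check first, then field-level check."""
    post = POSTS.get(post_id)
    # Private and missing posts look identical, so ids cannot be enumerated.
    if post is None or (post["isPrivate"] and not viewer_is_admin):
        return None
    denied = SENSITIVE_FIELDS.intersection(fields)
    if denied and not viewer_is_admin:
        raise PermissionError(f"not authorized for fields: {sorted(denied)}")
    return {f: post[f] for f in fields}


if __name__ == "__main__":
    print("listed ids:", list_posts())
    print("weak:", get_post_weak(3, ["title", "postPassword"]))
    print("hardened:", get_post_hardened(3, ["title", "postPassword"]))
```

Hiding a post from the listing is not access control: the check has to live in the resolver that serves the object and its fields.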