Passman

  • Hack The Box

  • from BubBountyCTF.md: the introspection query works well (˶ᵔ ᵕ ᵔ˶) - the InQL Burp Suite plugin lists all available mutations

  • in GraphqlHelper.js - the only user validation is if (!request.user)
UpdatePassword: {
    type: ResponseType,
    args: {
        username: { type: new GraphQLNonNull(GraphQLString) },
        password: { type: new GraphQLNonNull(GraphQLString) }
    },
    resolve: async (root, args, request) => {
        return new Promise((resolve, reject) => {
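            // Only checks that a user is attached to the request (authentication).
            if (!request.user) return reject(new GraphQLError('Authentication required!'));

            // args.username comes from the caller and is passed to the db as-is.
            db.updatePassword(args.username, args.password)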
                .then(() => resolve(response("Password updated successfully!")))
                .catch(err => reject(new GraphQLError(err)));
        });
    }
}
  • by changing the LoginUser GraphQL query to UpdatePassword and deleting the token - bypass 'Authentication required!'
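
A hardened form of the UpdatePassword check, shown next to the original one. This is an added example, not code from the challenge or from these notes. The in-memory `db`, the sample accounts and the `request.user.username` field are assumptions made so the block runs on its own.

```javascript
// Constructed in-memory stand-in for the page's db helper (assumption).
const users = new Map([['admin', 'constructed-admin-pw'], ['alice', 'constructed-alice-pw']]);
const db = {
  updatePassword: async (username, password) => {
    if (!users.has(username)) throw new Error('Unknown user');
    users.set(username, password);
  },
};

// The check as it appears on the page: authentication only.
function originalCheck(request, args) {
  return request.user ? null : 'Authentication required!';
}

// Hardened check: authentication, then authorization on the target account.
// request.user.username is an assumed field name for the session identity.
function checkUpdateAllowed(request, args) {
  if (!request.user) return 'Authentication required!';
  if (request.user.username !== args.username) {
    return 'Not allowed to change another user\'s password!';
  }
  return null; // caller is updating their own account
}

// Resolver body with the page's (root, args, request) signature.
// A real schema would throw GraphQLError instead of Error.
async function resolveUpdatePassword(root, args, request) {
  const denied = checkUpdateAllowed(request, args);
  if (denied) throw new Error(denied);
  await db.updatePassword(args.username, args.password);
  return { message: 'Password updated successfully!' };
}

// Constructed requests: anonymous, alice on admin's account, alice on her own.
async function demo() {
  const cases = [
    [{}, { username: 'admin', password: 'x' }],
    [{ user: { username: 'alice' } }, { username: 'admin', password: 'x' }],
    [{ user: { username: 'alice' } }, { username: 'alice', password: 'new-pw' }],
  ];
  for (const [request, args] of cases) {
    const outcome = await resolveUpdatePassword(null, args, request)
      .then(r => r.message, e => e.message);
    console.log(request.user ? request.user.username : 'anonymous', '->', args.username, ':', outcome);
  }
}
demo();
```

Taking the target account from the session instead of from `args.username` removes the comparison altogether.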