
Breach - WebVerse (GraphQL)

Difficulty: easy · CTF challenge · Tags: GraphQL, Introspection, Broken Access Control, Information Disclosure, API Security

The Breach challenge on WebVerse Labs exposes a GraphQL API backing a notes application. The notes are visible in the UI, but a GraphQL schema often has surfaces the front-end never touches. Map what's really there, and find a way to reach the flag.


Step 4 · Pass an Argument to Reach the Restricted Field

Objective: Pass `debug:true` as an argument to the `flag` field and retrieve the flag value along with its other fields.

Context: Querying `flag { value }` without arguments results in an error. Introspection revealed that the `flag` field accepts a `debug` boolean argument — similar to how `notes` accepts `includePrivate`. The naming strongly implies that setting `debug: true` may unlock access to the flag value.

Progressive hints


Hint 1 — directional nudge

You already know that GraphQL fields can take arguments in parentheses. Think about what argument the `flag` field accepts and what value might unlock it.

Hint 2 — technique / vuln class

The `flag` field accepts a `debug` boolean argument, just like `notes` accepts `includePrivate`. Try passing `debug:true` to the flag query the same way `includePrivate:false` was passed to notes.

Hint 3 — near solution

Send this query:
```json
{"query":"{ flag(debug:true) { id value accessLevel } }"}
```
This should bypass the access restriction and return the flag.
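The root cause behind this step, as an added example that is not the lab's own server code: the resolvers are written as plain `(parent, args, context)` functions in the shape GraphQL servers use, with constructed sample data, so no graphql library is needed. The weak version lets client-supplied arguments (`debug`, `includePrivate`) decide authorization; the hardened version derives it from the server-side context and ignores those arguments.

```javascript
// Constructed sample data standing in for the lab's notes backend.
const NOTES = [
  { id: 1, owner: 'alice', private: false, body: 'public note' },
  { id: 2, owner: 'alice', private: true,  body: 'private note' },
];
const FLAG = { id: 1, value: 'FLAG{placeholder}', accessLevel: 'admin' };

// Weak pattern (what the lab's behaviour implies): a client argument
// unlocks restricted data, so anyone who reads the schema can set it.
const weakResolvers = {
  notes: (_p, args) => NOTES.filter(n => !n.private || args.includePrivate),
  flag: (_p, args) => {
    if (!args.debug) throw new Error('access denied');
    return FLAG;
  },
};

// Hardened pattern: authorization comes from the authenticated principal
// in the request context. Client arguments cannot widen access, and the
// `debug` argument is dropped from the resolver (and should leave the schema).
const hardenedResolvers = {
  notes: (_p, _args, ctx) =>
    NOTES.filter(n => !n.private || (ctx.user && n.owner === ctx.user.name)),
  flag: (_p, _args, ctx) => {
    if (!ctx.user || ctx.user.role !== 'admin') throw new Error('access denied');
    return FLAG;
  },
};

// Runs one resolver and reports data or the denial, like a GraphQL
// execution engine would surface it as a result or an error entry.
function call(resolvers, field, args, ctx) {
  try { return { ok: true, data: resolvers[field]({}, args, ctx) }; }
  catch (e) { return { ok: false, error: e.message }; }
}

// Constructed callers: an anonymous request and an authenticated admin.
const anon = { user: null };
const admin = { user: { name: 'alice', role: 'admin' } };

// The anonymous request from Hint 3 against each implementation.
console.log(call(weakResolvers, 'flag', { debug: true }, anon));      // ok: true
console.log(call(hardenedResolvers, 'flag', { debug: true }, anon));  // ok: false
console.log(call(hardenedResolvers, 'flag', {}, admin));              // ok: true
```

The same comparison applies to `notes(includePrivate)`: the hardened resolver returns private notes only to their owner, whatever the argument says.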
