#Graphql
2 posts
BugForge - Daily - Sokudo (Jun 17, 2026)
Sokudo is a typing speed test application whose GraphQL API exposes an unrestricted users query. By enumerating the users collection and requesting sensitive fields, the admin account's password — containing the flag — was extracted…
Graphql
Posted on 2026-06-17 20:00 3 min read
BugForge - Daily - Ottergram (Jan 10, 2026)
The application exposes a GraphQL API with introspection enabled in production, allowing attackers to query the full API schema and discover sensitive…
Graphql Introspection IDOR Broken Access Control
Posted on 2026-01-10 20:00 5 min read