It’s a cold afternoon in The Manila Bulletin, and I’m enjoying my iced latte from Paper + Cup.

Currently I have two accounts at Secuna.

As a verified user in Secuna you should be able to update your profile, submit reports, view disclosed reports and update your payout method. If your account is not verified, you should not be able to submit reports, view disclosed reports, update your profile, etc.

If you log in using your non-verified Secuna account, you are only redirected to https://app.secuna.io/account-verification

I had already mapped out Secuna’s GraphQL endpoint from its front-end bundle (https://app.secuna.io/static/js/main.80713d8f.chunk.js), so I could send requests to it directly.

Sample GraphQL Request:

Server Request

POST /api/graphql HTTP/1.1
Host: app.secuna.io
content-type: application/json
authorization: Bearer

{"operationName":"updateAboutHackerProfile","variables":{"bio":"meh","location":"Philippines","website":"https://ctulhu.me"},"query":"mutation updateAboutHackerProfile($bio: String!, $location: String, $website: String) {\n updateAboutHackerProfile(bio: $bio, location: $location, website: $website) {\n bio\n location\n socialMedia {\n github\n website\n facebook\n linkedin\n instagram\n }\n }\n}\n"}

This will update my bio to “meh”, my location to “Philippines” and my website to “https://ctulhu.me”. The operation is set to “mutation”, which performs the write and is followed by a fetch of bio, location and socialMedia (github, website, etc.).

In GraphQL there are 3 types of operations:

  • query: a read‐only fetch.
  • mutation: a write followed by a fetch.
  • subscription: a long‐lived request that fetches data in response to source events.

Each operation is represented by an optional operationName and a selection set. If we send the above request, we receive the response below.

Server response

{"data":{"updateAboutHackerProfile":{"bio":"meh","location":"Philippines","socialMedia":{"facebook":null,"github":null,"instagram":null,"linkedin":null,"website":"https://ctulhu.me"}}}}
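The fix for this class of bug is to enforce the verification state next to the mutation itself rather than in the front-end redirect. The following is an added example, not Secuna’s code: the `User` class, the `require_verified` guard and the tiny `handle_graphql` dispatcher are assumptions that stand in for a real GraphQL engine, and the request body is constructed to match the one captured above.

```python
import json
from dataclasses import dataclass

@dataclass
class User:
    username: str
    verified: bool          # set only after account verification completes
    bio: str = ""
    location: str = ""
    website: str = ""

class Unauthorized(Exception):
    pass

def require_verified(resolver):
    """Resolver guard (assumed helper): the verification check lives next to
    the mutation, so a direct POST to the endpoint is refused like the UI path."""
    def wrapped(user, **variables):
        if not user.verified:
            raise Unauthorized("account not verified")
        return resolver(user, **variables)
    return wrapped

@require_verified
def update_about_hacker_profile(user, bio, location=None, website=None):
    # Mirrors the page's mutation: write the fields, then return the selection.
    user.bio, user.location, user.website = bio, location, website
    return {"bio": user.bio, "location": user.location,
            "socialMedia": {"github": None, "website": user.website}}

MUTATIONS = {"updateAboutHackerProfile": update_about_hacker_profile}

def handle_graphql(user, body):
    """Minimal dispatcher keyed on operationName (stand-in for a GraphQL engine)."""
    req = json.loads(body)
    name = req.get("operationName")
    resolver = MUTATIONS.get(name)
    if resolver is None:
        return {"errors": [{"message": "unknown operation"}]}
    try:
        return {"data": {name: resolver(user, **req.get("variables", {}))}}
    except Unauthorized as e:
        return {"errors": [{"message": str(e)}], "data": None}

# Constructed request body with the same shape as the captured mutation.
REQUEST = json.dumps({"operationName": "updateAboutHackerProfile",
                      "variables": {"bio": "meh", "location": "Philippines",
                                    "website": "https://ctulhu.me"}})
```

A verified caller gets the same `data` payload shown above, while an unverified caller gets an `errors` entry and its profile fields stay untouched.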

Result (screenshot)

Secuna’s Response (screenshot)

Bounty: $100

Report: https://app.secuna.io/submission/7db2182e-e5c4-4a44-909e-2a11ee718793