Loading page
Review the challenge brief, files, and requirements.
You've obtained a GraphQL introspection response from a target API. The developers left a backdoor mutation accessible without authentication.
Analyze the schema to find the unprotected mutation that can reset passwords and return its name.
The schema data will be passed as a JSON string.
Sign in to attempt this challenge.
Use Proving Grounds to continue your challenge practice.
Open Proving Grounds