GraphQL Blog Platform

A modern blogging platform powered by GraphQL

⚠️ Test Application

This is a deliberately vulnerable application for testing security scanners.
Vulnerabilities: GraphQL introspection enabled, sensitive data exposed in schema

📝 Blog Posts

Browse and create blog posts using our GraphQL API

👥 User Management

View user profiles and roles (including admin API keys!)

GraphQL Endpoint

POST /api/graphql

Example Query:

{
  users {
    id
    username
    email
    role
    apiKey
  }
  posts {
    id
    title
    content
    published
    author {
      username
    }
  }
}

Introspection Query:

{
  __schema {
    types {
      name
      fields {
        name
        type {
          name
        }
      }
    }
  }
}

Built for BreakMyApp.ai Scanner Testing