⚠️ Pracivo Security Lab — Weak JWT (secret="secret"), alg:none bypass, mass assignment on /profile/<id>, GraphQL introspection

GraphQL Explorer

Run GraphQL queries against the SocialHub API.

Hint 1: Try introspection — { __schema { types { name } } }
Hint 2: Query passwords — { users { id username password } }