Portswigger – GraphQL API Vulnerabilities – Lab #2 Accidental exposure of private GraphQL fields