Portswigger – GraphQL API Vulnerabilities – Lab #3 Finding a hidden GraphQL endpoint