This is the first level of Stripe’s challenge. You start off in an app that stores secret passwords for users, with the option to store a password or retrieve one.
The hint given on the page is as follows.
It turns out that the password to access Level 1 is stored within the Secret Safe. If only you knew how to crack safes…
It isn’t much of a hint, since you probably know it’s stored there anyway.
Here is the section of code that has a problem. Take a look at line 33:
var query = 'SELECT * FROM secrets WHERE key LIKE ? || ".%"';
The input provided by the user is not checked before it becomes part of the LIKE pattern. The value is passed to the query in the following call:
db.all(query, namespace, function(err, secrets) {
This is an easy one if you know anything about SQL. A % in SQL is a wildcard. So just pass in a % for the secret you want to retrieve and you will have the level 1 password shown.
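The behaviour described above next to one way to close it, as an added example that is not part of the original post or the challenge's code. It uses Python's built-in sqlite3 in place of the Node driver; the table rows, `escape_like` and the lookup functions are constructed for illustration.

```python
import sqlite3

# Same query shape as line 33 on the page: the bound value is concatenated
# into the LIKE pattern, so wildcards inside it stay active even though the
# value is passed as a parameter.
VULNERABLE = "SELECT * FROM secrets WHERE key LIKE ? || '.%'"
# Hardened form: same prefix search, with an ESCAPE character declared.
HARDENED = "SELECT * FROM secrets WHERE key LIKE (? || '.%') ESCAPE '\\'"


def escape_like(value):
    """Make %, _ and the escape character itself literal inside a LIKE pattern."""
    return (value.replace("\\", "\\\\")
                 .replace("%", "\\%")
                 .replace("_", "\\_"))


def make_db():
    """In-memory table with constructed sample rows (namespace.name -> secret)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE secrets (key TEXT, secret TEXT)")
    db.executemany("INSERT INTO secrets VALUES (?, ?)", [
        ("alice.email", "alice-secret"),
        ("bob.vpn", "bob-secret"),
        ("level01.password", "constructed-placeholder"),
    ])
    return db


def lookup_vulnerable(db, namespace):
    # Parameter binding stops SQL injection, not LIKE wildcard matching.
    return db.execute(VULNERABLE, (namespace,)).fetchall()


def lookup_hardened(db, namespace):
    # Wildcards in the namespace are escaped, so only a literal prefix matches.
    return db.execute(HARDENED, (escape_like(namespace),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    for ns in ("alice", "%", "bo_"):
        print(repr(ns), len(lookup_vulnerable(db, ns)), len(lookup_hardened(db, ns)))
```
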