Stripe CTF 2.0 Level 0

August 27, 2012   


This is the first level of Stripe’s challenge. You start off in an app that stores secret passwords for users and you have an option to store a password or retrive a password.

Hint Given

So the following hint that is given on the page is as follows.

It turns out that the password to access Level 1 is stored within the Secret Safe. If only you knew how to crack safes

It isn’t much of a hint since you know it’s stored there anyway probably

Problem in the code

So here is the following section of code that has a problem. Take a look at line 33

var query = 'SELECT * FROM secrets WHERE key LIKE ? || ".%"';

There is no checking for input provided by the user. There is also the following

db.all(query, namespace, function(err, secrets) {
 That is pretty much spitting out all the results from the query and in the query there is no limit or anything so it’s possible to list all rows if you know what to pass in.


This is an easy one if you know anything about sql. A % in sql is a wildcard. So just pass in a % for a secret you want to retrive and you will have the level 1 password shown.

comments powered by Disqus