Find the Secret webpage (Credit: RiversideRocks)

Credit: @RiversideRocks for the original puzzle.

Your goal is to get access to /secret, but using a signup forum. If you read carefully, and get the somewhat obvious hints, then you can get to the secret file.

Someone finished it! It was @Ghostoblivion! , then @wh0, then @youngchief_btw.

The source is here and just read the file.

Finish Link:


Hint: On the /create page , the quote /logs has some of the best logs ever. may have a special meaning.

1 Like

I have no idea! I was able to view the signup logs, but after that I got nothing.

Is this made in PHP or Node?

By the looks of it, I’m 99% sure its node.

Is it SQL injections? I tried but it didn’t work.

It also using Jsoning as a db, so that may not work…

1 Like

Yep, I thought it was as it has a different not found error than php

There are no Linux command that you need to know. Look at

It does not use shell commands because people could use commands to destroy the server.js script.

It contains where the

  • Secret page is
  • The URL Parameter that you need to access it
  • The key for the URL parameter.

Should I add another hint?

1 Like

Ok so here it is! Pay attention to the last lines, especially the words in quotes

[system.Handler]: Hiding "/secret" File with query: "?key="
[system.Handler]: Now perfoming a "chkdsk".
1 Like

woa, that took some thinking outside the box. thanks for the puzzle!

1 Like

Your welcome! The original was RiversideRocks.

I had just come to the fourms for today, saw the puzzle thing here, then the clue, and bamm got ihe answer quick

1 Like

Hey when I edited it, it said something about “overwriting edits”.

Also, I added the source code, the link is at the top.

Answer was:

<iframe width="1000" height="500" src="" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>

Interesting use case of Jsoning…:joy:

1 Like