Comment by achierius
6 days ago
Why is it unbelievable? There is an entire industry of people trying to find vulnerable niche applications like this. There are bots which crawl the web, not to make an index, but just to find vulnerabilities. Nobody necessarily even had to 'point' anything at this at all, it just shows up on their dashboard one day and they get to dig in.
I would not be surprised if Shodan.io ends up with queries for easily identifiable markers of vibe-coded software.
> There are bots which crawl the web, not to make an index, but just to find vulnerabilities.
You can download a few of them out of GitHub and run them immediately, too.
I was being facetious. Yes, there are millions of bots that are constantly searching every website for leaked keys, passwords, database credentials, crypto wallets, firebase endpoints, s3 buckets, email addresses, phone numbers, etc. the list is bottomless
Yep. We once had left a socks proxy unprotected on a public IP, no cert, just a random IP and a fixed port. At one day the service stopped working. When looking into it, the network was overloaded with random IPs from all over the world surfing on the free proxy.