
Comments
This guy is either very brave or stupid, because they seem to be storing some important data on it. Running an untested app on a prod server... average AI bro.
Wait, you ran YABS on OP's demo server?
There are at least 3 diff RCEs lol
yeah
edit: as root, there are also easy priv escs
AI Bro: Vulnerabilities have been fixed 🤡
Random anime girl: And here I run a yabs on his server 🤣
@ovexro Please shut down that machine already before you are mining crypto.
Your AI is hallucinating security issues to fix while not fixing any actual security issue, just because you did not tell it what to look for, and it doesn't want to come up with nothing, as the next-token reward feature means you must be right. You have holes so obvious humans can spot them within a minute.
And it's dead, that was fast.
Thank you, guys!

@ovexro better run it on an hourly VPS... If things go wrong, just delete it.
Yes. I will use an hourly VPS for testing purposes and production. The AI is not strong enough.
I like his approach more, run it on a server with all your personal shit and say fuck it
Definitely more fun for us xD
Massive pwnage. Did someone delete the demo server?
uwu :3
It's even worse, the IP is RCS & RDS Residential (Digi Romania), which means that he was most likely hosting it from his own residential network. If I had to take a guess, with that CPU it is most likely a mini PC or laptop.
Did any of the people who exploited this steal the github cookies off his laptop? Can you use that to delete the repo?
Yes, it is a mini-PC I'm using for testing. Thank you, guys, for raising my awareness.
There are a couple of providers on LET that offer free VPSs for open-source developers.
You should use one, because you don’t want a hacker on your local network. They could easily install malware on your TV box, router, printer, etc., and use it for DDoS attacks, or worse.
You can find them in: https://lowendtalk.com/categories/giveaways-freebies
It's gone now...
So you hacked his machine, got root, and posted the evidence here in public instead of sending a bug report with your findings.
That’s not pentesting, that’s hacking.
They are in Romania, the last guy was in Pakistan.
And if you do report it, they will get AI to fix it for them and claim it is now secure. Do you have better ideas on teaching them?
To be fair, much worse could have happened, given the code was of such low quality that they essentially posted an unauthenticated root web terminal on the internet.
I'm surprised that this kind of AI slop isn't banned by some rules here yet.
I hope this gets added to serververify soon
Fuck, I thought you were joking, but the last panel YABS actually got added LMFAO
https://serververify.com/benchmarks/5d797836-4235-47b6-980c-2b9793b1d30d
I like how LowEndTalk uses Cloudflare advanced bot protection to prevent scraping, then the site owner proceeds to scrape everything for himself. smh
Nobody said we are pentesting. In fact, we made multiple comments about how him expecting us to do the pentesting for him, for free, is an absurd idea.
He spent like 2 hours actually creating this mess; even for an experienced programmer, getting through this just to clear the basic common issues is a week of work.
Afaik nobody leaked any data or abused any gained access.
But it should make it definitely clear to the OP that this is not a couple of tiny things here and there that need to be fixed, but that about anyone can easily gain access to the entire system.
Good job @jbiloh !
I won't make the same mistakes ever again. And due to you guys, I learned a lot today. I'm grateful for your help.
It's gone?
and it's gone