Skip to content

Important: Exposed MongoDB cluster in your code #10

@GaillardTom

Description

@GaillardTom

Warning

You have an exposed mongoDB cluster containing multiple databases in this repository.

Hey THE-VIP-BOY-OP, If you receive this issue don't panic, I am a friendly automated script looking around the internet and just to let you know that you have an exposed mongoDB cluster in your code that I got from this file https://github.com/THE-VIP-BOY-OP/VIP-ROBOT/blob/16228dd0ddbdc24b35f9cdec9fb36d48bc65d539/MukeshRobot/config.py.

I was able to connect and expose those databases from your cluster:

  • AnieXErica
  • Anon
  • AnonXMusic
  • Anonymous
  • Channel-Filter
  • Character_catcher
  • Cluster0
  • Hellbot
  • Lover
  • VIP
  • Word
  • Yukki
  • adityaxdb
  • autoacceptbot
  • clonelcuxbotz
  • clustero
  • main
  • userdb
  • admin
  • local

From these possible clusters: cluster0.9dxlslv.mongodb.net

A malicious attacker could leak data and get credentials to your or people's services/system, even if you know that no sensible information is stored inside it, it is still very dangerous. I do not know what kind of information your databases hold but a malicious attacker could easily dump all the content, please make sure to follow these steps:

  1. Put your secrets in a .env file
  2. Use a library like dotenv to load the environment variables from your file onto your code
  3. At this point, I would either suggest either using github's tool to erase the history or you could delete the repos on Github, remove the .git folder locally and recreate a new repos with a clean history

In the future make sure to not expose your secrets especially your mongodb uri as it contains your username and password combination. Make sure to create a .env file and load your environment variables into your code accordingly.

If you like what I am doing for the community, please feel free to follow my github account @GaillardTom

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions