# ╔═══════════════════════════════════════╗
# ║         SKIDBIN.SITE BREACH           ║
# ║       breached by robiokys            ║
# ╚═══════════════════════════════════════╝

target: "skidbin.site"
breached_by: "robiokys"
date: "2025-07-05"
breach_type: "source code + backend compromise"
status: "fully dumped"


Link 1 : https://gofile.io/d/bv79kK
Link 2 : https://limewire.com/d/GYusZ#ejcF0GVesC



summary: |
  Another wannabe doxbin clone bites the dust. Skidbin.site was built like it came out of a
  YouTube tutorial from 2015. No security, no effort, just a playground for skids trying to look cool.

  I breached the entire backend with minimal effort — no tools, no 0days, just raw stupidity on their end.
  Their admin panel was exposed, Laravel config was public, and logs were filled with IPs and tokens.
  You can’t run a doxbin if you don’t even know how to hide your .env 💀

tech_stack:
  backend: "Laravel 8.x"
  frontend: "Bootstrap + jQuery spaghetti"
  hosting: "Shared VPS (lol)"
  database: "MySQL 5.7"
  panel: "/admin (no login check 💀)"
  logging: "Plaintext, no rotation, full IP/user agents"

vulnerabilities:
  - "Exposed .env file with DB creds + mailer config"
  - "No authentication required for /admin"
  - "SQL Injection on /api/post"
  - "No CSRF protection"
  - "Static session tokens"
  - "Full logs exposed to public"
  - "No HTTPS on API endpoints"
  - "Hardcoded admin passwords"

dump_contents:
  - "Full Laravel source code"
  - ".env with mailgun + db access"
  - "Database schema + partial dump"
  - "All route files (web.php, api.php)"
  - "Admin panel source"
  - "Logs folder with hundreds of IPs"
  - "User & post records (with timestamps)"

leak_info:
  size: "40mb (no db)"
  format: ".zip archive"

rating:
  security: 0/10
  dev_skills: "nonexistent"
  threat_level: "irrelevant"
  userbase: "13y/o wannabe hackers"
  backend_integrity: "compromised"
  uptime: "probably dead after this"