this post was submitted on 26 Nov 2025
557 points (98.9% liked)
Funny
12491 readers
1681 users here now
General rules:
- Be kind.
- All posts must make an attempt to be funny.
- Obey the general sh.itjust.works instance rules.
- No politics or political figures. There are plenty of other politics communities to choose from.
- Don't post anything grotesque or potentially illegal. Examples include pornography, gore, animal cruelty, inappropriate jokes involving kids, etc.
Exceptions may be made at the discretion of the mods.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
You think this is funny, but a codebase I once inherited did exactly this. Up until that point in my life, I never imagined I’d ever have such a violent urge to strangle someone.
Bonus: the system had two types of accounts for signups: one for employers and one for employees. Naturally, it would set the role of the created account during the signup process, but the issue was that anyone could submit a signup request with a custom payload and set themselves as the third account type: administrator.
Bonus #2: during a self-update request (avatar change, etc), users were able to change their own IDs in the database.
It was 100% vibe-coded by two imbeciles in two months. We had to rebuild 80% of that codebase.
Pro tip: A lot of websites that don't let you update certain fields about your profile or other things actually do let you, because it's a full payload patch on the backend. You just need to modify the fields in dev tools.
Note: I did this on a hotel website to change my email address and then ended up creating a bad scenario where my login account email didn't match my hotel profile email...they fixed it for me and said, "we aren't sure what happened". I didn't say anything.
People are already inheriting vibe coded codebases?
What is this, a one sentence horror contest?
Definitely! And the reason is obvious.