Imagine me joining your Discord server and using an exploit to give myself Admin. From there I can nuke your Discord server or give everyone staff or promote a scam. The evil is flowing through me.
Well, believe it or not, this is not a power tripping dream that I had. This is a reality. Because the popular Discord alt bot, Double Counter, might have made some seriously amateur mistakes regarding security of their bot and dashboard. The only good news of this is that it didn't fall into the wrong hands. (or maybe it did cause it fell into mine)
LINKS
-----------------------------------------------------------------------------
xyzeva's socials
kibty.town/
github.com/xyzeva
SOCIALS
-----------------------------------------------------------------------------
Discord Server
discord.gg/ntts
Twitter
twitter.com/notexttospeech
TIMESTAMPS
-----------------------------------------------------------------------------
00:00 - Double Counter
00:49 - Vulnerability 1: da password in da public code
02:21 - Vulnerability 2: Oppenheimer of Discord
07:31 - Bye Bye Privacy Lens
No Text To Speech
コメント