I am a junior cybersecurity consultant, and I usually pentest stuff.

Can spam the whole server without restrictions

Discord Team, if you read this, it could be great to be able to change permissions before adding a bot to a guild.

As I'm writing this, more than 75% of the bots I found are admin by default. If you are a bot developer, don't ask for it. If you are a server owner running Discord bots, you should not invite bots as admin; change their permissions manually before inviting them. Developers who prepare the invite's permissions scope are so lazy that they don't take a few minutes to review what permissions their bot needs to work properly. There are way too many bots that ask for admin rights in their invite link. Unless you are remotely administrating your whole Discord guild from outside Discord, you have no reason to ask for full administration rights.

You should NOT leave actively used tokens on publicly available repositories, and that includes codesandbox.

Also, keep in mind you are responsible for the safety of your secret tokens. The goal is to prevent growing bots from putting the privacy of hundreds if not thousands of users at risk. I will not leak tokens with less than 30+ overall guild users, because I understand people may actually need codesandbox to develop their bot. Yes, this means I used the token to log in as each bot, yet I have not done anything harmful with them (such as reading messages or banning users). New tokens will be added as new files with related bot information, such as the number of guilds and total number of users the bot can interact with. I am running an automatic check against codesandbox to leak new tokens every week or so. Most of them are invalidated thanks to the first leak.

Info

As of, there are 2400 sandboxes with leaked tokens inside in total. You should have received an e-mail + private message from the Discord system about this issue (and this is probably why you ended up here). You will have to regenerate them in order to run your bot again. It's better to disclose leaked tokens on GitHub like this, because Discord will instantaneously detect them and invalidate the tokens, preventing anyone from impersonating your bot. Why? Because now your token is dead, no one can use it anymore. You are lucky I found your token and leaked it here. These tokens were left by developers in a publicly available project. This gist hosts leaked previously-active bot tokens found on.

(Actually, you should probably thank me!)

Codesandbox Discord Bot token leak repository

This gist has already been reported multiple times and it has already been recovered for legitimate reasons.
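The advice above to review a bot's permissions before inviting it can be checked mechanically. The following is an added example, not part of the original gist: it decodes the `permissions` integer of a bot invite link against Discord's documented permission bit flags and rebuilds the link with only the bits the server owner allows. The client ID and URLs are constructed samples, and the function names are hypothetical.

```python
from urllib.parse import urlparse, parse_qs, urlencode, urlunparse

# Subset of Discord's documented permission flags that let a bot moderate,
# reconfigure or mass-message a guild.
RISKY = {
    "KICK_MEMBERS": 1 << 1,
    "BAN_MEMBERS": 1 << 2,
    "ADMINISTRATOR": 1 << 3,
    "MANAGE_CHANNELS": 1 << 4,
    "MANAGE_GUILD": 1 << 5,
    "MANAGE_MESSAGES": 1 << 13,
    "MENTION_EVERYONE": 1 << 17,
    "MANAGE_ROLES": 1 << 28,
    "MANAGE_WEBHOOKS": 1 << 29,
}
VIEW_CHANNEL, SEND_MESSAGES = 1 << 10, 1 << 11

# Constructed sample invite links (the client_id is a placeholder).
BASE = "https://discord.com/oauth2/authorize?client_id=123456789012345678"
SAMPLE_ADMIN = BASE + "&permissions=8&scope=bot"
SAMPLE_MIXED = BASE + "&permissions=11278&scope=bot%20applications.commands"


def requested_permissions(url):
    """Return the permissions integer of a bot invite, or 0 if none applies."""
    query = parse_qs(urlparse(url).query)
    if "bot" not in query.get("scope", [""])[0].split():
        return 0  # not a bot invite, so no guild permissions are requested
    value = int(query.get("permissions", ["0"])[0])  # ValueError if malformed
    if value < 0:
        raise ValueError("permissions must be a non-negative integer")
    return value


def audit_invite(url):
    """List the risky permission names the invite link asks for."""
    value = requested_permissions(url)
    return [name for name, bit in RISKY.items() if value & bit]


def rewrite_invite(url, allowed):
    """Rebuild the invite keeping only the permission bits in `allowed`."""
    parts = urlparse(url)
    query = parse_qs(parts.query)
    query["permissions"] = [str(requested_permissions(url) & allowed)]
    return urlunparse(parts._replace(query=urlencode(query, doseq=True)))


if __name__ == "__main__":
    for link in (SAMPLE_ADMIN, SAMPLE_MIXED):
        print(audit_invite(link), rewrite_invite(link, VIEW_CHANNEL | SEND_MESSAGES))
```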