Important Message | Security RCE/Exploit in Discord

As some may already be aware, there’s a new scam going around on Discord, so be extremely cautious. In the setup for this kind of attack, the scammer will send you an image, claiming that your face has been leaked, but the image won’t load. Clicking on this image to view it in full size will execute the embedded code and will allow the scammers to steal your details, so be extremely careful around images that haven’t loaded. Stay safe, keep your account credentials secure, think twice before clicking links/images, enable 2FA on your accounts, and spread awareness of any scams you stumble upon. If you encounter something like this (suspicious links or image files), report it to a mod immediately.

For more information on attacks involving embedded code in images, you can give this a read: https://blog.reversinglabs.com/blog/malware-in-images

Due to this, we have removed image perms from all members.

P.S. Some information in the text is not originally mine and was simply read from other servers and sources.

UPDATE ON VULNERABILITY (announcement from “dani’s basement”): here is the research link to the supposed related CVE.


CVE - CVE-2020-15174

Credits:
https://news.ycombinator.com/item?id=24822755
https://www.reddit.com/r/netsec/comments/jdjtfg/rce_in_discord_desktop_app_via_cve202015174/
https://portswigger.net/daily-swig/discord-desktop-app-vulnerable-to-rce-via-chained-exploit
https://nvd.nist.gov/vuln/detail/CVE-2020-15174 or https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15174
https://mksben.l0.cm/2020/10/discord-desktop-rce.html (new)
ExploitCrack, dani’s basement servers

2 Likes

1 Like

Not the only exploit… As a PoC, we took a scam Marketplace invite and hid it within Scammer.info. We’re debugging the “Black Line” issue, but Ghostbin.co has gone offline, making the exploit hard to reproduce. We’ve made an IP logger work as well, but you have to pass the link to a redirect to get the IP while in transport, or a bunch of bots pop up.

Basically, you abuse spoiler tags so much that it allows a link to be hidden at the bottom of the page. In this you see “Scammer.info”, but you see a Discord server invite embed posted… What’s not seen is the massive amount of spoiler tags which end up in a Discord invite link.

In this photo you can see how the exploit is crafted… It seems to put a black line, but when copied from ghostbin.co it didn’t. The website is inactive. Cloudflare gives a 522 error.

The ghostbin is working, but only the index.php file is giving a Cloudflare error.

1 Like

Interesting. It was Ghostbin.co and not ghostbin.com, so idk. I’ve been having a hard time accessing the page.
I get a 502 Bad Gateway error.

Also, I got an error.

But do you know the paste?

Yeah https://ghostbin.co/paste/ddpp5x

archive.org didn’t archive that; we need to wait and see if ghostbin.co can be fixed.

It’s been down for quite a while. IDK if the server is dead but the host isn’t, or what the case is. I provided a GitHub archive of where it came from.

I know that archive from before.

1 Like


If you try to remove multiple lines, then it will work without spoiler tags.

Looks like you removed the http:// tag, so yeah, Discord will work. Other websites require http or https; idk about the exploit working outside of Python or other things.

Weird.

I don’t want to lose this Discord by Discord only because I’ve made API abuse.

Yeah, but the likelihood of this happening is slim to none. Discord isn’t going to accept 3rd-party submissions to terminate someone’s account. However, Discord would need to have someone report the message link that was abusing the API, so as long as nobody else sees it, then whatever.

Here is an example: