How I Discovered a High-Severity Vulnerability on Discord (and got rewarded)

Mirzəbaba
2 min read6 days ago

--

Recently, I found a vulnerability that ratelimits users Discord account and locks their Discord account for minutes/hours for using Discord’s any features. The vulnerability also caused to lagging users Discord client (or browser) because it was sending high amount of requests on background.

Discord has a domain that uses it for Discord’s template features (example: discord.new/aKWJj5hJ) and renders it on Discord. When you add a Discord

When you add a Javascript Array instead of template ID (example: discord.new/toLocaleString), Discord will fail to render it and trying to keep doing it on loop forever and indeed, it will send many requests on background. Just one link with Javascript Array won’t do much thing, it’ll just send many requests and it will not count as vulnerability so I tried to do more things and asked to myself, what would happen if I send hundreds of that link in different channels? I did that to see if something will happen and it started lagging my PC, after some time I saw that I got ratelimited for a hour and can’t use any feature of Discord.

After that, I created a report for Discord’s security team and they fixed it so the vulnerability is no longer can be reproduced. Discord’s Security Team rewarded me with $$$$ bounty and Bug Hunter Badge on Discord. It was my second high severity vulnerability, I’ll write about my first high-severity vulnerability soon.

--

--

No responses yet