Categories > WeAreDevs > Suggestions >
Global Chat Bug
Posted
Level: Low
Type this in chat;
<p><img src="/images/avatars/75495_1663371931322.png" alt="abcdefg"/></p>
Will show picture, ONLY CLIENT SIDED.
This could be used to an advantage to get the _WRDSec Cookie to access accounts
also add emojis
We Hate VOID
Replied
this thread is a lie, this is not a bug let me pull cookies in peice
Cancel
Post
https://media.discordapp.net/attachments/1064332722065117204/1067596913781784606/Frame_2_1.png
Replied
1. _WRDSec is HTTP only and can't be grabbed from Javascript. There is no security concern in regards to accessing another account.
2. <script> tags are rejected, so you can't run scripts anyway.
3. The HTML only injects for yourself. It doesn't affect others viewing the chat.
So no security concern in general, but is definitely a bug. I've fixed it and thank you for the report!
Cancel
Post
Users viewing this thread:
( Members: 0, Guests: 1, Total: 1 )
Cancel
Post