| ▲ | bangaladore 19 hours ago | |
Yeah, this one must be socially engineered-- but a (fake) login page when accessing a docs site would fool most people. Thankfully the browser prevents sending the cookies cross origin or else this is just a single click exploit. Edit: I gave too much credit to Discord here. They aren't protecting their tokens correctly. | ||
| ▲ | rvnx 14 hours ago | parent [-] | |
You can also just be logged-in on Discord web, so everything is accessible too | ||