- May 8, 2015
- 967
- 934
- 211
Hey, i know about that since some time ago but i decided to share this cause i got a victim of them.
As you may know there are a plenty bots for Discord out in the woods, and some of them got very popular:
All of the listed bots can be 'rented' for free and cause of that it's very easy to set the bot up for your server. But cause of the new OAuth2 system admins don't take a closer look at the permissions they give out for bots. For example the RH1-N0 bot by SexualRhinoceros provides the following invite URL in his official documentation:
https://discordapp.com/oauth2/authorize?&client_id=170242612425392128&scope=bot&permissions=66321471
which gives the bot way more permissions then he will ever need:
What concerns me even more is that the bot is begging for more permissions if you take his permissions from him:
As you may know there are a plenty bots for Discord out in the woods, and some of them got very popular:
All of the listed bots can be 'rented' for free and cause of that it's very easy to set the bot up for your server. But cause of the new OAuth2 system admins don't take a closer look at the permissions they give out for bots. For example the RH1-N0 bot by SexualRhinoceros provides the following invite URL in his official documentation:
https://discordapp.com/oauth2/authorize?&client_id=170242612425392128&scope=bot&permissions=66321471
which gives the bot way more permissions then he will ever need:
What concerns me even more is that the bot is begging for more permissions if you take his permissions from him:
