Exploit Discord's cache system to remotely upload payloads onto Discord users' machines

Exploit Discord’s cache system to hide payloads PoC

Remotely upload a payload embedded in an image (appended after the image's EOF marker) onto Discord users' machines through the client cache.

Depending on how NodeJS and Discord's cache system work, this could potentially be turned into a full remote code execution exploit.

Step-by-step

Step 1

Embed the payload into an image smaller than 256 kB: python3 embed.py <image> <python payload>

For this proof-of-concept, my payload is:

print('Hello World!')

Step 2

Upload the image with the embedded payload to a Discord server as an emoji.

Step 3

Send the emoji in a text channel. Any member whose client displays that emoji automatically downloads it, embedded payload included, into the cache.

Step 4

To actually execute the embedded payload, the victim would have to run a script like victim.py, which locates the image in the cache and executes the payload embedded in it.
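A defender-side check for the technique above: because the payload is appended after the image's end-of-file structure, a cache scanner only needs to parse the PNG chunk list and flag files that carry bytes past the IEND chunk. This is an added example, not the repository's embed.py or victim.py; it assumes the cached entries are stored as raw PNG files on disk (the cache container format is not described here), and the 1x1 PNG is a constructed sample, not a Discord asset.

```python
import os
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def png_end_offset(data: bytes):
    """Walk the chunk list and return the offset just past IEND's CRC, or None if malformed."""
    if not data.startswith(PNG_SIG):
        return None
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 8 + length + 4          # length/type header, chunk data, 4-byte CRC
        if ctype == b"IEND":
            return pos if pos <= len(data) else None
    return None

def trailing_bytes(data: bytes):
    """Bytes appended after the real end of the image, or None if not a parseable PNG."""
    end = png_end_offset(data)
    return None if end is None else len(data) - end

def scan_dir(directory: str, min_trailing: int = 1):
    """Return [(path, trailing_count)] for PNG files carrying data past IEND."""
    hits = []
    for root, _, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                count = trailing_bytes(fh.read())
            if count is not None and count >= min_trailing:
                hits.append((path, count))
    return hits

def make_png_1x1() -> bytes:
    """Constructed 1x1 greyscale PNG used as sample input (not a Discord asset)."""
    def chunk(ctype, payload):
        crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
        return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)   # 1x1, 8-bit depth, greyscale
    idat = zlib.compress(b"\x00\x80")                        # filter byte + one pixel
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")

if __name__ == "__main__":
    clean = make_png_1x1()
    stuffed = clean + b"print('Hello World!')"              # the PoC's sample payload, appended
    print(trailing_bytes(clean), trailing_bytes(stuffed))   # 0 21
```

Point scan_dir at an extracted cache directory to list every PNG whose on-disk size exceeds what its chunk structure accounts for; a non-zero count is the indicator this PoC leaves behind.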

Video showcase

Note

The same trick can be done with profile avatars.

Credits

cs:

Have fun triggering AVs :p

GitHub

https://github.com/ecriminal/Exploit-Discord-Cache-System-PoC