Open pam-param-pam opened 1 month ago
There is a security risk, but as far as I know there currently is no API to get all the files uploaded by the webhook. Without knowing the message id that was sent using the webhook they can't delete it. So the only damage they can do is what you did now - removing webhooks and causing errors when try to use a deleted hook.
In reality you should use your own and shouldn't share them. These hooks that I provided they are in a server with no users. They are there for random users to test out the service. The only damage the attacker can do is to delete the hook, but if they know the hook and the attachment id then they can delete the file. But that should not happen if you're using your own hook and keeping it a secret.
Leaving a webhook URL in blank for everyone to see is a security risk. It would potentially allow everyone to see all files uploaded by it.
https://discordapp.com/api/webhooks/1117930895102451764/l_mX88ApLhYBMkuu95IOuD4Xda3IzJvuAyuCHFRSdjIXHWzRED_4ZJ_u56Fr-ue4Pgf2
I've removed the webhook for you.