coffeebank / coffee-cogs

Discord bots for webhooks, invite-based welcomes, moving messages, and more ☕🧩
https://coffeebank.github.io/coffee-cogs/
GNU General Public License v3.0

coffeetools: `choose` can be abused to spam links and mentions #5

Closed coffeebank closed 3 years ago

coffeebank commented 3 years ago

Because the text is just returned, this can be abused to elevate privileges and send links with nasty link previews, abuse @/everyone pings, among many other potential violations.

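```python
import random

# choosetext is raw user input; the chosen piece is sent back unfiltered
async def choose(self, ctx, *, choosetext):
    choosearray = choosetext.split("|")
    return await ctx.send(random.choice(choosearray))
```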
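One way to mitigate the issue described above, as an added example that is not code from the coffee-cogs repository: neutralise mentions and suppress link previews before the bot echoes the chosen option. The helper names `sanitize_choice` and `pick_choice`, the fallback message and the sample inputs are assumptions made for illustration.

```python
import random
import re

ZWSP = "\u200b"  # zero-width space: breaks mention syntax, invisible to readers
MASS_MENTION = re.compile(r"@(everyone|here)", re.IGNORECASE)
ID_MENTION = re.compile(r"<(@[!&]?|#)(\d+)>")       # user, role and channel mentions
URL = re.compile(r"<?(https?://[^\s<>]+)>?", re.IGNORECASE)
FALLBACK = "Give me at least one option, separated by |"  # hypothetical message


def sanitize_choice(text: str) -> str:
    """Return text that is safe for a bot to repeat with its own permissions."""
    text = MASS_MENTION.sub(lambda m: "@" + ZWSP + m.group(1), text)
    text = ID_MENTION.sub(lambda m: "<" + m.group(1) + ZWSP + m.group(2) + ">", text)
    # Discord does not render a preview for a URL wrapped in angle brackets.
    return URL.sub(r"<\1>", text).strip()


def pick_choice(choosetext: str, rng=random) -> str:
    """Split on '|', drop empty options, pick one and sanitise it."""
    options = [part.strip() for part in choosetext.split("|") if part.strip()]
    if not options:
        return FALLBACK
    return sanitize_choice(rng.choice(options))


# In the cog the command would then send the sanitised text and also disable
# mention parsing at the API level (discord.py 1.4+):
#
#     await ctx.send(pick_choice(choosetext),
#                    allowed_mentions=discord.AllowedMentions.none())

if __name__ == "__main__":
    # Constructed sample inputs
    for sample in ("tea | coffee", "@everyone | https://example.com/x", " | "):
        print(repr(pick_choice(sample)))
```

Passing `allowed_mentions` is the stronger control because Discord enforces it server-side; the text filter covers link previews, which `allowed_mentions` does not affect.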