Closed Sanduhr32 closed 4 years ago
Yeah, Please fix this!
Exploit come from a missing everyone cyrilic filtering on Lookup command.
Serverinfo don't have this issue because of filterEveryone method call. https://github.com/jagrosh/Vortex/blob/master/src/main/java/com/jagrosh/vortex/commands/general/ServerinfoCmd.java#L54
And here is the lookup command. https://github.com/jagrosh/Vortex/blob/master/src/main/java/com/jagrosh/vortex/commands/tools/LookupCmd.java#L108
PR/Issue is or will be closed due being fixed.
Discord changed their sanitation character list which allows vortex to mention everyone in some specific conditions. This is an exploit.
@jagrosh it was just performed in your bots server and Discord Giveaways. We can't do nothing about it.