How to Hack Discord, Vercel and More with One Easy Trick
Source: https://kibty.town/blog/arc/ Author: kibty.town Date: 2025-12-20
Summary
Security research exposing a cross-site request forgery vulnerability in OAuth integrations across multiple major platforms. Demonstrates how misconfigured OAuth allows account takeover on Discord, Vercel, and others.
Key Claims
- Vulnerability: OAuth CSRF — state parameter missing or not validated allows attacker to bind their authentication to victim’s account.
- Affected: Discord, Vercel, and several other platforms were vulnerable at time of discovery.
- Impact: account takeover, credential theft.
- Root cause: incorrect OAuth implementation, not a platform-specific bug — widespread across the industry.
Concepts
- Security engineering essay; relevant for any AI product handling OAuth/integrations