How to Hack Discord, Vercel and More with One Easy Trick

Source: https://kibty.town/blog/arc/ Author: kibty.town Date: 2025-12-20

Summary

Security research exposing a cross-site request forgery vulnerability in OAuth integrations across multiple major platforms. Demonstrates how misconfigured OAuth allows account takeover on Discord, Vercel, and others.

Key Claims

  • Vulnerability: OAuth CSRF — state parameter missing or not validated allows attacker to bind their authentication to victim’s account.
  • Affected: Discord, Vercel, and several other platforms were vulnerable at time of discovery.
  • Impact: account takeover, credential theft.
  • Root cause: incorrect OAuth implementation, not a platform-specific bug — widespread across the industry.

Concepts

  • Security engineering essay; relevant for any AI product handling OAuth/integrations