We Pwned X, Vercel, Cursor, And Discord Through A Supply-chain Attack

hi, i'm daniel. i'm a 16-year-old high school senior. in my free time, i hack billion dollar companies and build cool stuff.

about a month ago, a couple of friends and I found serious critical vulnerabilities on Mintlify, an AI documentation platform used by some of the top companies in the world.

i found a critical cross-site scripting vulnerability that, if abused, would let an attacker inject malicious scripts into the documentation of numerous companies and steal credentials from users with a single link open.

(go read my friends' writeups (after this one))

- how to hack discord, vercel, and more with one easy trick (eva)
- Redacted by Counsel: A supply chain postmortem (MDL)

My story begins on Friday, November 7, 2025, when Discord announced a brand new update to their developer documentation platform. They were previously using a custom-built documentation platform, but were switching to an AI-powered documentation platform.

Discord is one of my favorite places to hunt for vulnerabilities since I'm very familiar with their API and platform. I'm at the top of their bug bounty leaderboard, having reported nearly 100 vulnerabilities over the last few years. After you've gone through every feature at least 10 times, it gets boring.

I found this new update exciting, and as soon as I saw the announcement, I started looking through how they implemented this new documentation platform.

Mintlify is an AI-powered documentation platform. You write your documentation as markdown and Mintlify turns it into a beautiful documentation platform with all the modern features a documentation platform needs. (Despite the vulnerabilities we found, I would highly recommend them. They make it really easy to create beautiful docs that work.)

Mintlify-hosted documentation sites are on the *.mintlify.app domains, with support for custom domains. In Discord's case, they were just proxying certain routes to their Mintlify documentation at discord.mintlify.app.

Every Mintlify subdomain has a /_mintlify/* path that is used internally on the platform to power certain features. Regardless of whether it's hosted through the mintlify.app domain or a custom domain, the /_mintlify path must be accessible to power the documentation.
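To make the hosting setup concrete, here is the route-splitting logic a site like the one described above would need: selected documentation routes plus the mandatory /_mintlify/* path are forwarded to the Mintlify-hosted docs, everything else stays on the main site. This is an added example written for this post, not Discord's or Mintlify's code; the main-site upstream name and the /developers/docs/ prefix are assumptions, while discord.mintlify.app and /_mintlify/ come from the text. The defender-relevant detail it shows is that the prefix match must run on the canonical path, otherwise dot-segments or doubled slashes let a request reach the wrong upstream.

```python
from posixpath import normpath

DOCS_UPSTREAM = "discord.mintlify.app"  # hostname from the post
MAIN_UPSTREAM = "app.internal"           # assumed placeholder for the main site

# Prefixes proxied to the docs host. /_mintlify/ must be reachable on every
# docs domain (per the post); /developers/docs/ is an assumed docs route.
DOCS_PREFIXES = ("/developers/docs/", "/_mintlify/")


def canonical_path(raw: str) -> str:
    """Strip query/fragment, collapse '.'/'..' segments and repeated slashes,
    and keep a trailing slash if the request had one. Matching on anything
    less than this lets '/developers/docs/../../_mintlify/x' slip past a
    naive prefix check or land on the wrong upstream."""
    path = raw.split("?", 1)[0].split("#", 1)[0] or "/"
    norm = normpath(path)
    if path.endswith("/") and not norm.endswith("/"):
        norm += "/"
    # posixpath.normpath preserves a leading '//' (POSIX rule); fold it.
    return "/" + norm.lstrip("/")


def upstream_for(raw_path: str) -> str:
    """Return the upstream host a request for raw_path should be proxied to."""
    path = canonical_path(raw_path)
    for prefix in DOCS_PREFIXES:
        # '/developers/docs' with no trailing slash is the docs root itself.
        if path == prefix.rstrip("/") or path.startswith(prefix):
            return DOCS_UPSTREAM
    return MAIN_UPSTREAM


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    for p in ("/developers/docs/intro", "/_mintlify/anything?x=1",
              "/_mintlifyfoo", "/developers/docs/../../_mintlify/x", "/"):
        print(f"{p:45} -> {upstream_for(p)}")
```

The near-miss cases (/_mintlifyfoo, a dot-segment traversal, a doubled leading slash) are the ones a production proxy such as nginx or a CDN rule set resolves for you only if you match on the normalized path; when the routing lives in application code, it has to do that normalization itself before deciding which origin serves the response.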

Source: HackerNews