Shows Discord Nitro Code from chess.com username
The way ChessNitro works is by getting the User's UUID of the chess.com player.
Chess.com uses version 1 uuids to identify bots, players, and etc.
After getting the User's UUID, Then you'll have to get the promotional code by sending a request to https://www.chess.com/rpc/chesscom.partnership_offer_codes.v1.PartnershipOfferCodesService/RetrieveOfferCode, and the body should have the campaignId (The partnership they're doing, like Discord for example) & userUUID. Furthermore, when sending a request to this with a different UUID that isn't yours, it will still work, but it's not mean't to work whatsoever.
The codes aren't validated as the server doesn't check if they already claimed the code. So you'll have to self-validate the discord nitro promotional codes yourself.
With this vulnerability on chess.com's end, you aren't meant to redeem other chess.com players promotional codes. This can be also replaced besides claiming discord nitro promotionals with their next partnership they can do.
What the chess.com development team can do is require authentication on the endpoint and actually check if it's the User's UUID being used, if not, then it can easily deny access to the endpoint.
This vulnerability was noticed 10 hours after the promotion by Discord X chess.com was started. So far, 2 other people after that point noticed this issue, But other people are using account generators.
This project will be publicly archived when the issue is fixed, resolved, or leaked/used by others.
The author is not responsible for any malicious, harmful or illegal use of this project. This is to show that it's possible to do this vulnerability within chess.com and it needs to be resolved.
Not all Nitro codes will be unclaimed, and it can be claimed by the user already.
You can only get a nitro code every few minutes.
This project is licensed under The Unlicense.
QingJ © 2025
镜像随时可能失效,请加Q群300939539或关注我们的公众号极客氢云获取最新地址
