#########################################################################
# Exploit Title: Telegram Web Empty Username Bypass
# Date: 18/10/2016
# Author: Ashiyane Digital Security Team
# Software Link: https://web.telegram.org
# version : Telegram Web 0.5.5
# Tested on: Windows 7
##########################################################################
Description:
Telegram filters null bytes for username input but you can bypass this filter with "NOP"s (0x90) on web version of Telegram because this filter isn't from server's codes side
##########################################################################
Step 1:
First you must decode "0x90" with hackbar or ...
-------------------
Step 2:
Go to https://web.telegram.org.
Then go to "Settings" tab.
Then click on your username and change it to decoded hex.
-------------------
Now you have an empty username.
When someone forwards your messages, other peaple can't locate your profile from forwarded messages.
##########################################################################
# Discovered by : MALWaRE43
##########################################################################