Telegram Web 0.5.5 Empty Username Bypass

2016.10.18
ir Ashiyane Digital Security Team (IR) ir
Risk: Low
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

######################################################################### # Exploit Title: Telegram Web Empty Username Bypass # Date: 18/10/2016 # Author: Ashiyane Digital Security Team # Software Link: https://web.telegram.org # version : Telegram Web 0.5.5 # Tested on: Windows 7 ########################################################################## Description: Telegram filters null bytes for username input but you can bypass this filter with "NOP"s (0x90) on web version of Telegram because this filter isn't from server's codes side ########################################################################## Step 1: First you must decode "0x90" with hackbar or ... ------------------- Step 2: Go to https://web.telegram.org. Then go to "Settings" tab. Then click on your username and change it to decoded hex. ------------------- Now you have an empty username. When someone forwards your messages, other peaple can't locate your profile from forwarded messages. ########################################################################## # Discovered by : MALWaRE43 ##########################################################################


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top