Davide – Medium

Apr 21

Telegram bug bounties: RCE, privacy issues, and more…

Summary RCE via WebView (May 2022) WebK and WebZ, no warning appears when opening external links (May 2021) IP leak Telegram Web (old version) (May 2021) Leak users behind anonymous channel posts (December 2021) Intro In Italy, we have pizza, pasta, and people looking for bugs. …

Cybersecurity

7 min read

Telegram bug bounties: RCE, privacy issues, and more…

Cybersecurity

7 min read

Apr 21, 2021

Telegram bug bounties: XSS, privacy issues, official bot exploitation and more…

Summary Insufficient verification over callback_data parameter (May 2018) XSS Telegram.org (December 2018) Privacy of Profile Pictures (March 2019) Sticker crash (July-December 2019) Permissions issues on bugs.telegram.org (December 2020) Intro In Italy we have pizza, pasta and people looking for bugs. …

Cybersecurity

10 min read

Telegram bug bounties: XSS, privacy issues, official bot exploitation and more…

Cybersecurity

10 min read

Feb 12, 2020

A browser extension to download site sources (with /.git/)

Introduction A lot of people use git to manage their source codes, this widespread used tool helps developers to deal with their software versions (and much more…) Unfortunately, most people use git on their website without paying attention to an important and particular folder named .git which is created in the…

Cybersecurity

4 min read

A browser extension to download site sources (with /.git/)

Cybersecurity

4 min read