Notice: file_put_contents(): Write of 265 bytes failed with errno=28 No space left on device in /var/www/tg-me/post.php on line 50

Warning: file_put_contents(): Only 8192 of 8457 bytes written, possibly out of free disk space in /var/www/tg-me/post.php on line 50
咕 Billchen 咕 | | Telegram Webview: billchenla/19336 -
Telegram Group & Telegram Channel
Telegram Group » Canada » 咕 Billchen 咕 | » Telegram Webview » Post 19336
咕 Billchen 咕 |
Forwarded from MiaoTony's Box (MiaoTony 🐱)
#今天又看了啥 #telegram #security #CVE #XSS
Telegram Web app XSS/Session Hijacking 1-click [CVE-2024–33905]

Attack surface: Telegram Mini Apps
“Telegram Mini Apps are essentially web applications that you can run directly within the Telegram messenger interface. Mini Apps support seamless authorization, integrated crypto and fiat payments (via Google Pay and Apple Pay), tailored push notifications, and more.”
This attack surface also affects web3 users because it handles crypto payments through the TON Blockchain.

Telegram fixed the flaw on March 11th, 2024.
Vulnerable version: Telegram WebK 2.0.0 (486) and below
Fixed version: Telegram WebK 2.0.0 (488)

https://medium.com/@pedbap/telegram-web-app-xss-session-hijacking-1-click-95acccdc8d90
Medium
Telegram Web app XSS/Session Hijacking 1-click
This is the technical write up of a severe vulnerability I reported to Telegram’s Bug Bounty program on March 9th, 2024. 
Telegram fixed…
www.tg-me.com/ca/咕 Billchen 咕 | 咕咕咕咕咕?/com.billchenla/19336
623 viewsbillchenchina | Nya!



tg-me.com/billchenla/19336
Create:
Last Update:

#今天又看了啥 #telegram #security #CVE #XSS
Telegram Web app XSS/Session Hijacking 1-click [CVE-2024–33905]

Attack surface: Telegram Mini Apps
“Telegram Mini Apps are essentially web applications that you can run directly within the Telegram messenger interface. Mini Apps support seamless authorization, integrated crypto and fiat payments (via Google Pay and Apple Pay), tailored push notifications, and more.”
This attack surface also affects web3 users because it handles crypto payments through the TON Blockchain.

Telegram fixed the flaw on March 11th, 2024.
Vulnerable version: Telegram WebK 2.0.0 (486) and below
Fixed version: Telegram WebK 2.0.0 (488)

https://medium.com/@pedbap/telegram-web-app-xss-session-hijacking-1-click-95acccdc8d90

BY 咕 Billchen 咕 |


Warning: Undefined variable $i in /var/www/tg-me/post.php on line 283

Share with your friend now:
tg-me.com/billchenla/19336

View MORE
Open in Telegram


咕 Billchen 咕 | 咕咕咕咕咕? Telegram | DID YOU KNOW?

Date: |

Dump Scam in Leaked Telegram Chat

A leaked Telegram discussion by 50 so-called crypto influencers has exposed the extraordinary steps they take in order to profit on the back off unsuspecting defi investors. According to a leaked screenshot of the chat, an elaborate plan to defraud defi investors using the worthless “$Few” tokens had been hatched. $Few tokens would be airdropped to some of the influencers who in turn promoted these to unsuspecting followers on Twitter.

What is Telegram?

Telegram is a cloud-based instant messaging service that has been making rounds as a popular option for those who wish to keep their messages secure. Telegram boasts a collection of different features, but it’s best known for its ability to secure messages and media by encrypting them during transit; this prevents third-parties from snooping on messages easily. Let’s take a look at what Telegram can do and why you might want to use it.

咕 Billchen 咕 | 咕咕咕咕咕? from ca


#今天又看了啥 #telegram #security #CVE #XSSTelegram Web app XSS/Session Hijacking 1-click [CVE-2024–33905]Attack surface: Telegram Mini Apps“Telegram Mini Apps are essentially web applications that you can run directly within the Telegram messenger interface. Mini Apps support seamless authorization

 咕 Billchen 咕 | TG
Webview: 19336
咕 Billchen 咕 |.Telegram Webview
咕 Billchen 咕 | Telegram TG Channel
Telegram Updated:
Telegram 咕 Billchen 咕 |
FROM USA