Telegram Group & Telegram Channel
Telegram Group » Korea » 咕 Billchen 咕 | » Telegram Webview » Post 19336
咕 Billchen 咕 |
Forwarded from MiaoTony's Box (MiaoTony 🐱)
#今天又看了啥 #telegram #security #CVE #XSS
Telegram Web app XSS/Session Hijacking 1-click [CVE-2024–33905]

Attack surface: Telegram Mini Apps
“Telegram Mini Apps are essentially web applications that you can run directly within the Telegram messenger interface. Mini Apps support seamless authorization, integrated crypto and fiat payments (via Google Pay and Apple Pay), tailored push notifications, and more.”
This attack surface also affects web3 users because it handles crypto payments through the TON Blockchain.

Telegram fixed the flaw on March 11th, 2024.
Vulnerable version: Telegram WebK 2.0.0 (486) and below
Fixed version: Telegram WebK 2.0.0 (488)

https://medium.com/@pedbap/telegram-web-app-xss-session-hijacking-1-click-95acccdc8d90
Medium
Telegram Web app XSS/Session Hijacking 1-click
This is the technical write up of a severe vulnerability I reported to Telegram’s Bug Bounty program on March 9th, 2024. 
Telegram fixed…
www.tg-me.com/kr/咕 Billchen 咕 | 咕咕咕咕咕?/com.billchenla/19336
615 viewsbillchenchina | Nya!



tg-me.com/billchenla/19336
Create:
Last Update:

#今天又看了啥 #telegram #security #CVE #XSS
Telegram Web app XSS/Session Hijacking 1-click [CVE-2024–33905]

Attack surface: Telegram Mini Apps
“Telegram Mini Apps are essentially web applications that you can run directly within the Telegram messenger interface. Mini Apps support seamless authorization, integrated crypto and fiat payments (via Google Pay and Apple Pay), tailored push notifications, and more.”
This attack surface also affects web3 users because it handles crypto payments through the TON Blockchain.

Telegram fixed the flaw on March 11th, 2024.
Vulnerable version: Telegram WebK 2.0.0 (486) and below
Fixed version: Telegram WebK 2.0.0 (488)

https://medium.com/@pedbap/telegram-web-app-xss-session-hijacking-1-click-95acccdc8d90

BY 咕 Billchen 咕 |


Warning: Undefined variable $i in /var/www/tg-me/post.php on line 283

Share with your friend now:
tg-me.com/billchenla/19336

View MORE
Open in Telegram


咕 Billchen 咕 | 咕咕咕咕咕? Telegram | DID YOU KNOW?

Date: |

That strategy is the acquisition of a value-priced company by a growth company. Using the growth company's higher-priced stock for the acquisition can produce outsized revenue and earnings growth. Even better is the use of cash, particularly in a growth period when financial aggressiveness is accepted and even positively viewed.he key public rationale behind this strategy is synergy - the 1+1=3 view. In many cases, synergy does occur and is valuable. However, in other cases, particularly as the strategy gains popularity, it doesn't. Joining two different organizations, workforces and cultures is a challenge. Simply putting two separate organizations together necessarily creates disruptions and conflicts that can undermine both operations.

咕 Billchen 咕 | 咕咕咕咕咕? from kr


#今天又看了啥 #telegram #security #CVE #XSSTelegram Web app XSS/Session Hijacking 1-click [CVE-2024–33905]Attack surface: Telegram Mini Apps“Telegram Mini Apps are essentially web applications that you can run directly within the Telegram messenger interface. Mini Apps support seamless authorization

 咕 Billchen 咕 | TG
Webview: 19336
咕 Billchen 咕 |.Telegram Webview
咕 Billchen 咕 | Telegram TG Channel
Telegram Updated:
Telegram 咕 Billchen 咕 |
FROM USA