Although Telegram Web supports many document formats, only pictures and videos are stored in the FileSystem section of the browser while using Telegram Web.
They were able to upload a malicious HTML page with the MIME type of a video file, “video/mp4”, which Telegram forbids. Then, using Telegram's servers, they could send it to the victim through an encrypted channel. The attacker can access the victim’s session data when the victim watches the video in a new browser tab.
The attack against Telegram is broken down into stages.
First, the attacker generates a malicious HTML file containing video and other dangerous code.
The file's MIME type is kept in the Telegram client’s t object, and during the upload process the client checks it against the video and image MIME types. If a match is found, the file is stored under the client’s FileSystem URI.
Because Telegram’s servers receive an encrypted version of the file, it is possible to alter the MIME type to “video/mp4” and bypass the client restriction.
To prevent detection, the malicious document's MIME type is encrypted and sent to the Telegram server.
The final result is a perfect malware file that looks like a movie but contains a malicious payload.
It will be downloaded to your browser’s memory and stored under web.telegram.org. The user must open the video in a new tab and navigate to it from there to access the resource at the FileSystem URI underneath the web.telegram.org URI.
Opening the new tab gives access to the victim’s local storage data, allowing the attacker to take control of the victim's accounts.
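The weakness described above is that the declared MIME type is trusted on its own. As an added example (not Telegram's code and not from the original post), here is one way a receiving client could compare a file's leading bytes with its declared type before storing it under its own origin; the function names, the signature table and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example: check content bytes against the declared MIME type before
// a web client stores a received file under its own origin.
// SIGNATURES is a small constructed subset, not Telegram's actual allow-list.
const SIGNATURES = {
  // ISO base media files carry an 'ftyp' box type at byte offset 4
  "video/mp4": (b) => b.length >= 12 && ascii(b, 4, 8) === "ftyp",
  "image/jpeg": (b) => startsWith(b, [0xff, 0xd8, 0xff]),
  "image/png": (b) => startsWith(b, [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]),
};

function ascii(bytes, start, end) {
  return String.fromCharCode(...bytes.slice(start, end));
}

function startsWith(bytes, sig) {
  return bytes.length >= sig.length && sig.every((v, i) => bytes[i] === v);
}

// True when the content begins like HTML/XML: optional UTF-8 BOM,
// optional whitespace, then '<'.
function looksLikeMarkup(bytes) {
  let i = 0;
  if (bytes[0] === 0xef && bytes[1] === 0xbb && bytes[2] === 0xbf) i = 3;
  while (i < bytes.length && [0x09, 0x0a, 0x0d, 0x20].includes(bytes[i])) i++;
  return bytes[i] === 0x3c;
}

// Decide whether a received file may be stored as media.
function checkMedia(declaredMime, bytes) {
  const matches = SIGNATURES[declaredMime];
  if (!matches) return { ok: false, reason: "mime-not-allowed" };
  if (looksLikeMarkup(bytes)) return { ok: false, reason: "markup-content" };
  if (!matches(bytes)) return { ok: false, reason: "signature-mismatch" };
  return { ok: true, reason: "ok" };
}

// Constructed sample inputs: an HTML document and a minimal MP4 'ftyp' header.
const htmlAsVideo = new TextEncoder().encode("<!DOCTYPE html><html><body></body></html>");
const mp4Header = Uint8Array.from([
  0x00, 0x00, 0x00, 0x18, 0x66, 0x74, 0x79, 0x70, // box size, 'ftyp'
  0x69, 0x73, 0x6f, 0x6d, 0x00, 0x00, 0x00, 0x00, // brand 'isom', minor version
]);

console.log(checkMedia("video/mp4", htmlAsVideo)); // rejected: markup-content
console.log(checkMedia("video/mp4", mp4Header));   // accepted
```

A leading-bytes check does not catch files crafted to be valid in two formats at once, so it complements keeping stored media away from the origin that holds the session data.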
Note: I don’t encourage any illegal activities. Any type of use of this method will solely be your responsibility.
Note: Shared for educational purposes only!
Note: I don’t own the trick nor have I found it.
This works for the old version, which can be switched, I guess.