Partyhack 3.0 - Telegram bugbounty writeup

Transcript

1. Вступление

2. None
3. None
4. None

5. КАК-ТО МНЕ НУЖНО БЫЛО ПРИДУМАТЬ ТЕМУ ДЛЯ ДОКЛАДА Как я

   телеграм ломал
6. None
7. None

8. https://github.com/Bo0oM/fuzz.txt

9. https://github.com/Bo0oM/server-status-monitor

10. None
11. None
12. None

13. https://github.com/telegramdesktop/tdesktop/blob/cc2c13d0182c62dd5a89784a49ec375306 449797/Telegram/SourceFiles/core/crash_report_window.cpp#L506

14. None
15. None
16. None
17. None
18. None

19. Database: tdesktopdbase Table: users [4 columns] +----------+ | Column |

    +----------+ | id | int(11) | | login | | logincrc | | pwdhash | +----------+ Database: tdesktopdbase Table: keyvalue [3 columns] +--------+ | Column | +--------+ | key | | value | | id | +--------+ Database: tdesktopdbase Table: crashes [6 columns] +----------+ | Column | +----------+ | date | | version | | dump | | id | int(11) | | platform | | viewed | +----------+
20. None
21. None
22. None

23. https://t.me/WebPwn https://twitter.com/i_bo0om