bug-bounty448
google355
microsoft313
facebook262
xss238
apple180
malware174
rce149
exploit124
bragging-post101
cve99
account-takeover93
phishing83
csrf79
privilege-escalation77
stored-xss65
supply-chain65
authentication-bypass63
dos60
reflected-xss57
browser57
react50
cloudflare49
reverse-engineering48
input-validation48
cross-site-scripting48
access-control47
smart-contract45
docker45
aws45
node44
ethereum43
web343
sql-injection43
web-security42
defi42
web-application41
ssrf38
burp-suite35
vulnerability-disclosure34
idor34
race-condition33
html-injection33
info-disclosure33
smart-contract-vulnerability32
writeup32
buffer-overflow32
cloud32
oauth32
information-disclosure30
0
7/10
bug-bounty
Stored blind XSS vulnerability in Telegram iOS app allowing arbitrary HTML/JavaScript execution via unvalidated HTML files in webview, enabling device fingerprinting, user activity tracking, and IP geolocation. Successfully exploited by uploading malicious HTML file that executed JavaScript to extract navigator object data and communicate with attacker server.
stored-xss
blind-xss
ios
webview
telegram
whatsapp
html-injection
device-fingerprinting
user-tracking
information-disclosure
bug-bounty-writeup
Telegram
WhatsApp
Facebook
CVE-2018-UNKNOWN
omespino
iPhone 6
iPhone 7
iOS 11.2.5
iOS 11.2.6
Telegram iOS 4.7.1