Published in Bug Bounty

Telegram Report: SSRF leads to DOS attack [Reports that didn't make it]

Summary

When a Telegram user (or bot) sends a message containing a URL to another user, the Telegram Bot sends a request to check the URL. This is a privacy issue in my view, because URLs and some parts of your conversations are being read by a machine; the end-to-end encryption is not enforced in this case. We also detected that if (by mistake) you append text to the URLs, that text will be sent to the bot as well.
