Telegram Report: SSRF leads to DOS attack


Summary

When a Telegram user (or bot) sends a message containing a URL to another user, the Telegram Bot sends a request to check the URL. What if we could use this behavior to send many requests to a target host?

I used a Python script to send messages to a Telegram bot; every message contains 70 URLs that are actually the same domain with a different path. I discovered that a filter was not allowing the URLs to be repeated, but I only needed to add something at the end to bypass it.
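On the defensive side, the weakness described above is a duplicate check on the full URL string; budgeting preview fetches per destination host closes it. The sketch below is an added example, not Telegram's code or the report author's script: `PreviewFetchBudget`, its limits and the `example.test` sample message are all assumptions made for illustration.

```python
import time
from collections import defaultdict
from urllib.parse import urlsplit


class PreviewFetchBudget:
    """Hypothetical per-host budget for a link-preview fetcher (assumed design)."""

    def __init__(self, per_message=1, per_window=5, window_seconds=60.0):
        self.per_message = per_message      # fetches per host within one message
        self.per_window = per_window        # fetches per host across messages
        self.window_seconds = window_seconds
        self._recent = defaultdict(list)    # host -> times of allowed fetches

    @staticmethod
    def host_key(url):
        """Return the normalised hostname of an http(s) URL, or None."""
        try:
            parts = urlsplit(url)
        except ValueError:                  # e.g. malformed IPv6 literal
            return None
        if parts.scheme not in ("http", "https") or not parts.hostname:
            return None
        return parts.hostname.rstrip(".").lower()

    def select(self, urls, now=None):
        """Return the URLs of one message that the fetcher may request."""
        now = time.monotonic() if now is None else now
        allowed, in_message = [], defaultdict(int)
        for url in urls:
            host = self.host_key(url)
            if host is None:
                continue
            # Forget fetches that have aged out of the sliding window.
            recent = [t for t in self._recent[host] if now - t < self.window_seconds]
            self._recent[host] = recent
            # Path and query are ignored: a changed suffix is still the same host.
            if in_message[host] >= self.per_message or len(recent) >= self.per_window:
                continue
            in_message[host] += 1
            recent.append(now)
            allowed.append(url)
        return allowed

# Constructed sample: 70 URLs, one host, each with a different suffix.
SAMPLE_MESSAGE = [f"https://example.test/page?x={i}" for i in range(70)]

if __name__ == "__main__":
    print(PreviewFetchBudget().select(SAMPLE_MESSAGE, now=0.0))
```

Keying on the hostname alone does not cover many hostnames that resolve to one server, so a production fetcher would also budget by resolved address.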
