目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

CVE-2024-7014 PoC — Telegram 安全漏洞

来源
https://github.com/absholi7ly/PoC-for-CVE-2024-7014-Exploit
关联漏洞
标题:Telegram 安全漏洞 (CVE-2024-7014)
Description:Telegram是Telegram开源的一款即时通信移动应用程序。 Telegram 10.14.4版本及之前版本存在安全漏洞。攻击者利用该漏洞可以发送伪装成视频的恶意应用程序。
Description
Proof of Concept (PoC) for CVE-2024-7014 (EvilVideo) Exploit
介绍
# PoC for-CVE-2024-7014 Exploit
Proof of concept for the CVE-2024-7014 (EvilVideo) vulnerability in Telegram for Android (versions 10.14.4 and earlier). The program uploads a malicious file disguised as a video to a Telegram channel, exploiting the security vulnerability to install malware or redirect users.

## Prerequisites
* Python 3.x installed on your system.
* `pyTelegramBotAPI` library (`pip install pyTelegramBotAPI`).
* A Telegram bot token 
* A Telegram channel or chat ID where the bot has posting permissions.
* The malicious file (`Poc_CVE_2024_7014.txt`) and thumbnail image (`thumbnail.jpg`) in the same directory.

## Usage
* Open Poc_CVE_2024_7014.py and update the following variables:
* BOT_TOKEN: Replace with your Telegram bot token.
* CHAT_ID: Replace with the chat ID of your target channel (e.g., @testevilvideo).
* FILE_PATH: Ensure it points to the malicious file.
* CAPTION: Customize the caption if needed

### Important: 
Start with the file `Poc_CVE_2024_7014.txt` (which contains the HTML payload). After completing your modifications (e.g., updating the APK download link), rename it to `malicious_video.mp4`. This disguises the file as a video, exploiting the vulnerability.
     - Example: Edit `Poc_CVE_2024_7014.txt`, then save as `malicious_video.mp4`.

## Optional Thumbnail:
The script can include a thumbnail image (thumbnail.jpg) to make the "video" appear more legitimate.
To change the thumbnail, replace thumbnail.jpg with your desired image (recommended size: 320x180 pixels)

|                                                                 |
|:---------------------------------------------------------------:|
| ![Proof of Exploit Screenshot](Poc1.jpg) |
------------------------------------------------------------------------------------------
|                                                                 |
|:---------------------------------------------------------------:|
| ![Proof of Exploit Screenshot](poc2.jpg) |
文件快照

 [4.0K]  /data/pocs/de8a51873800faaede32264c8d4689bf9764293b
├── [ 11K]  LICENSE
├── [ 30K]  Poc1.jpg
├── [ 87K]  poc2.jpg
├── [ 944]  Poc_CVE_2024_7014.txt
├── [1.6K]  Poc.py
├── [1.9K]  README.md
└── [ 32K]  thumbnail.jpg

0 directories, 7 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
    3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →