Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-7014 PoC — Improper multimedia file attachment validation in Telegram for Android app

Source
https://github.com/absholi7ly/PoC-for-CVE-2024-7014-Exploit
Associated Vulnerability
Title:Improper multimedia file attachment validation in Telegram for Android app (CVE-2024-7014)
Description:EvilVideo vulnerability allows sending malicious apps disguised as videos in Telegram for Android application affecting versions 10.14.4 and older.
Description
Proof of Concept (PoC) for CVE-2024-7014 (EvilVideo) Exploit
Readme
# PoC for-CVE-2024-7014 Exploit
Proof of concept for the CVE-2024-7014 (EvilVideo) vulnerability in Telegram for Android (versions 10.14.4 and earlier). The program uploads a malicious file disguised as a video to a Telegram channel, exploiting the security vulnerability to install malware or redirect users.

## Prerequisites
* Python 3.x installed on your system.
* `pyTelegramBotAPI` library (`pip install pyTelegramBotAPI`).
* A Telegram bot token 
* A Telegram channel or chat ID where the bot has posting permissions.
* The malicious file (`Poc_CVE_2024_7014.txt`) and thumbnail image (`thumbnail.jpg`) in the same directory.

## Usage
* Open Poc_CVE_2024_7014.py and update the following variables:
* BOT_TOKEN: Replace with your Telegram bot token.
* CHAT_ID: Replace with the chat ID of your target channel (e.g., @testevilvideo).
* FILE_PATH: Ensure it points to the malicious file.
* CAPTION: Customize the caption if needed

### Important: 
Start with the file `Poc_CVE_2024_7014.txt` (which contains the HTML payload). After completing your modifications (e.g., updating the APK download link), rename it to `malicious_video.mp4`. This disguises the file as a video, exploiting the vulnerability.
     - Example: Edit `Poc_CVE_2024_7014.txt`, then save as `malicious_video.mp4`.

## Optional Thumbnail:
The script can include a thumbnail image (thumbnail.jpg) to make the "video" appear more legitimate.
To change the thumbnail, replace thumbnail.jpg with your desired image (recommended size: 320x180 pixels)

|                                                                 |
|:---------------------------------------------------------------:|
| ![Proof of Exploit Screenshot](Poc1.jpg) |
------------------------------------------------------------------------------------------
|                                                                 |
|:---------------------------------------------------------------:|
| ![Proof of Exploit Screenshot](poc2.jpg) |
File Snapshot

 [4.0K]  /data/pocs/de8a51873800faaede32264c8d4689bf9764293b
├── [ 11K]  LICENSE
├── [ 30K]  Poc1.jpg
├── [ 87K]  poc2.jpg
├── [ 944]  Poc_CVE_2024_7014.txt
├── [1.6K]  Poc.py
├── [1.9K]  README.md
└── [ 32K]  thumbnail.jpg

0 directories, 7 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →