Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-7014 PoC — Telegram 安全漏洞

Source
https://github.com/absholi7ly/PoC-for-CVE-2024-7014-Exploit
Associated Vulnerability
Title:Telegram 安全漏洞 (CVE-2024-7014)
Description:Telegram是Telegram开源的一款即时通信移动应用程序。 Telegram 10.14.4版本及之前版本存在安全漏洞。攻击者利用该漏洞可以发送伪装成视频的恶意应用程序。
Description
Proof of Concept (PoC) for CVE-2024-7014 (EvilVideo) Exploit
Readme
# PoC for-CVE-2024-7014 Exploit
Proof of concept for the CVE-2024-7014 (EvilVideo) vulnerability in Telegram for Android (versions 10.14.4 and earlier). The program uploads a malicious file disguised as a video to a Telegram channel, exploiting the security vulnerability to install malware or redirect users.

## Prerequisites
* Python 3.x installed on your system.
* `pyTelegramBotAPI` library (`pip install pyTelegramBotAPI`).
* A Telegram bot token 
* A Telegram channel or chat ID where the bot has posting permissions.
* The malicious file (`Poc_CVE_2024_7014.txt`) and thumbnail image (`thumbnail.jpg`) in the same directory.

## Usage
* Open Poc_CVE_2024_7014.py and update the following variables:
* BOT_TOKEN: Replace with your Telegram bot token.
* CHAT_ID: Replace with the chat ID of your target channel (e.g., @testevilvideo).
* FILE_PATH: Ensure it points to the malicious file.
* CAPTION: Customize the caption if needed

### Important: 
Start with the file `Poc_CVE_2024_7014.txt` (which contains the HTML payload). After completing your modifications (e.g., updating the APK download link), rename it to `malicious_video.mp4`. This disguises the file as a video, exploiting the vulnerability.
     - Example: Edit `Poc_CVE_2024_7014.txt`, then save as `malicious_video.mp4`.

## Optional Thumbnail:
The script can include a thumbnail image (thumbnail.jpg) to make the "video" appear more legitimate.
To change the thumbnail, replace thumbnail.jpg with your desired image (recommended size: 320x180 pixels)

|                                                                 |
|:---------------------------------------------------------------:|
| ![Proof of Exploit Screenshot](Poc1.jpg) |
------------------------------------------------------------------------------------------
|                                                                 |
|:---------------------------------------------------------------:|
| ![Proof of Exploit Screenshot](poc2.jpg) |
File Snapshot

 [4.0K]  /data/pocs/de8a51873800faaede32264c8d4689bf9764293b
├── [ 11K]  LICENSE
├── [ 30K]  Poc1.jpg
├── [ 87K]  poc2.jpg
├── [ 944]  Poc_CVE_2024_7014.txt
├── [1.6K]  Poc.py
├── [1.9K]  README.md
└── [ 32K]  thumbnail.jpg

0 directories, 7 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.