- WAF bypass XSS Vulnerability in Telegram
- Reflected cross-site scripting (or XSS) arises when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way.
- Payload: echo https://target.com | waybackurls | grep "=" | egrep -iv".(jpg|jpeg|gif|css|tif|woff|woff2|icon|pdf|svg|txt|js)" | uro | qsreplace">'|freq Target: Expect More. Pay Less.
- Update to latest version of Telegram