While looking at ways to exploit @taviso's shell in the ghost vulnerability I found a way to fake thumbnails in @Telegram (CVE-2018-16801). Telegram Desktop, Web and Mobile are affected. A few differences do exist across platforms. (e.g. .exe files in windows dont show the img)pic.twitter.com/1LKhEppKHD
-
-
ah, so Telegram does not set it? That's stupid. Well, I find the very idea of running random code by double click action pretty stupid to begin with, still cannot understand what's the proper use scenario in 2018, but..
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.