Freebox Server (Ultra V9/ Pop V8/ Delta V7 / Revolution V6 / Mini 4K)

  • Status Nouveau
  • Percent Complete
    0%
  • Task Type Anomalie
  • Category Freebox OS → API
  • Assigned To No-one
  • Operating System Tous
  • Severity High
  • Priority Very Low
  • Reported Version 3.3.1
  • Due in Version Undecided
  • Due Date Undecided
  • Votes
  • Private

FS#20609 - GET /api/v3/login/authorize/{tid} retourne du code JS dans la valeur de challenge

GET /api/v3/login/authorize/{tid} : quel que soit le tid, la requête me retourne :

{"success":true,"result":{"status":"granted","challenge":["var _pmtrqgv = { _dotl: '_mviD' }; _pmtrqgv._dotl.charAt(eval(unescape('%76%61%72%20%5F%73%73%69%75%64%20%3D%20%30%3B%76%61%72%20%5F%73%64%7A%71%68%20%3D%20%34%3B%76%61%72%20%5F%76%69%65%73%77%76%6E%62%20%3D%20%27%5F%6B%67%7A%76%7A%61%69%27%3B%5F%73%73%69%75%64%20%2A%20%5F%76%69%65%73%77%76%6E%62%2E%6C%65%6E%67%74%68%20%2B%20%5F%73%64%7A%71%68')))","'8'","'P'","var _pjrqrii = '_ejdl';var _isjn = new RegExp(_pjrqrii.charAt(eval(unescape('%28%28%31%20%2A%20%38%20%2D%20%34%29%20%2F%20%34%29'))), 'g');String.fromCharCode(_pjrqrii.replace(_isjn, 's').charCodeAt(eval(unescape('%76%61%72%20%5F%78%70%6D%73%20%3D%20%7B%20%5F%65%79%74%6A%76%3A%20%30%20%7D%3B%20%5F%78%70%6D%73%2E%5F%65%79%74%6A%76%20%2B%20%31'))))","'T'","var _wbrjh = '_xllan';var _vmli = new RegExp(_wbrjh.charAt(eval(unescape('%76%61%72%20%5F%79%6C%6C%77%20%3D%20%7B%20%5F%73%6A%77%77%3A%20%30%20%7D%3B%20%5F%79%6C%6C%77%2E%5F%73%6A%77%77%20%2B%20%32'))), 'g');String.fromCharCode(_wbrjh.replace(_vmli, 'U').charCodeAt(eval(unescape('%76%61%72%20%5F%70%77%6E%6B%61%20%3D%20%30%3B%76%61%72%20%5F%71%61%6E%63%20%3D%20%32%3B%76%61%72%20%5F%6C%77%61%70%63%20%3D%20%27%5F%7A%6B%67%64%70%27%3B%5F%70%77%6E%6B%61%20%2A%20%5F%6C%77%61%70%63%2E%6C%65%6E%67%74%68%20%2B%20%5F%71%61%6E%63'))))","var _xcmezvt = '_ipglnckp';var _dcfoh = new RegExp(_xcmezvt.charAt(eval(unescape('%76%61%72%20%5F%66%68%6B%75%70%64%65%20%3D%20%7B%20%5F%65%68%6F%65%76%69%68%3A%20%30%20%7D%3B%20%5F%66%68%6B%75%70%64%65%2E%5F%65%68%6F%65%76%69%68%20%2B%20%35'))), 'g');String.fromCharCode(_xcmezvt.replace(_dcfoh, 'O').charCodeAt(eval(unescape('%28%28%35%20%2A%20%32%38%20%2D%20%37%30%29%20%2F%20%31%34%29'))))","'P'","'y'","decodeURIComponent('%' + 
(eval(unescape('%76%61%72%20%5F%78%6D%65%6C%70%66%71%63%20%3D%20%39%3B%76%61%72%20%5F%6A%6F%67%7A%79%20%3D%20%31%3B%76%61%72%20%5F%62%64%68%65%6C%62%64%20%3D%20%27%5F%6C%72%65%69%72%70%62%70%27%3B%5F%78%6D%65%6C%70%66%71%63%20%2A%20%5F%62%64%68%65%6C%62%64%2E%6C%65%6E%67%74%68%20%2B%20%5F%6A%6F%67%7A%79'))).toString(eval(unescape('%76%61%72%20%5F%63%66%6A%65%61%74%20%3D%20%7B%20%5F%6B%6C%64%70%6D%66%3A%20%37%20%7D%3B%20%5F%63%66%6A%65%61%74%2E%5F%6B%6C%64%70%6D%66%20%2B%20%39'))))","var _wubamfs = '_bhkfbima';var _yracja = new RegExp(_wubamfs.charAt(eval(unescape('%4D%61%74%68%2E%72%6F%75%6E%64%28%34%2E%35%33%29%20%2B%20%33%20%2D%20%31'))), 'g');String.fromCharCode(_wubamfs.replace(_yracja, 'Q').charCodeAt(eval(unescape('%4D%61%74%68%2E%72%6F%75%6E%64%28%36%2E%39%38%29%20%2B%20%31%20%2D%20%31'))))","var _sqcuor = { _oquhhfk: '_wkxselia' }; _sqcuor._oquhhfk.charAt(eval(unescape('%4D%61%74%68%2E%72%6F%75%6E%64%28%31%2E%39%33%29%20%2B%20%31%20%2D%20%31')))","'+'","decodeURIComponent('%' + (eval(unescape('%76%61%72%20%5F%62%69%66%65%74%20%3D%20%7B%20%5F%64%79%73%79%6D%76%69%3A%20%31%37%20%7D%3B%20%5F%62%69%66%65%74%2E%5F%64%79%73%79%6D%76%69%20%2B%20%35%36'))).toString(eval(unescape('%4D%61%74%68%2E%72%6F%75%6E%64%28%33%2E%37%30%29%20%2B%20%31%33%20%2D%20%31'))))","var _chaxsme = '_ecdjguqf';var _rwek = new RegExp(_chaxsme.charAt(eval(unescape('%4D%61%74%68%2E%72%6F%75%6E%64%28%34%2E%39%34%29%20%2B%20%32%20%2D%20%31'))), 'g');String.fromCharCode(_chaxsme.replace(_rwek, 'H').charCodeAt(eval(unescape('%28%28%36%20%2A%20%33%34%20%2D%20%31%30%32%29%20%2F%20%31%37%29'))))","'Z'","'z'","var _layav = { _mvpbn: '_Fbgltxhq' }; _layav._mvpbn.charAt(eval(unescape('%4D%61%74%68%2E%72%6F%75%6E%64%28%31%2E%38%36%29%20%2B%20%30%20%2D%20%31')))","decodeURIComponent('%' + (eval(unescape('%28%28%37%30%20%2A%20%31%36%20%2D%20%35%36%30%29%20%2F%20%38%29'))).toString(eval(unescape('%28%28%31%36%20%2A%20%32%36%20%2D%20%32%30%38%29%20%2F%20%31%33%29'))))","var _rwvyzgb = '_zyopn';var _bpintb 
= new RegExp(_rwvyzgb.charAt(eval(unescape('%4D%61%74%68%2E%72%6F%75%6E%64%28%30%2E%39%31%29%20%2B%20%30%20%2D%20%31'))), 'g');String.fromCharCode(_rwvyzgb.replace(_bpintb, '5').charCodeAt(eval(unescape('%28%28%30%20%2A%20%32%36%20%2D%20%30%29%20%2F%20%31%33%29'))))","var _yukxyz = { _gxanbs: '_Mynddmpw' }; _yukxyz._gxanbs.charAt(eval(unescape('%31')))","'x'","var _hhnd = { _ienyekft: 'txihjy' }; _hhnd._ienyekft.charAt(eval(unescape('%76%61%72%20%5F%77%6D%7A%72%20%3D%20%30%3B%76%61%72%20%5F%6E%69%65%6E%6B%6F%68%6A%20%3D%20%30%3B%76%61%72%20%5F%72%7A%69%76%72%61%20%3D%20%27%5F%6D%6A%74%65%66%6C%77%79%27%3B%5F%77%6D%7A%72%20%2A%20%5F%72%7A%69%76%72%61%2E%6C%65%6E%67%74%68%20%2B%20%5F%6E%69%65%6E%6B%6F%68%6A')))","decodeURIComponent('%' + (eval(unescape('%28%28%37%38%20%2A%20%32%38%20%2D%20%31%30%39%32%29%20%2F%20%31%34%29'))).toString(eval(unescape('%31%36'))))","var _stnjdc = { _pzikvu: '_jauwtq' }; _stnjdc._pzikvu.charAt(eval(unescape('%35')))","var _uipq = { _byax: '_uuc9tnhs' }; _uipq._byax.charAt(eval(unescape('%28%28%34%20%2A%20%35%30%20%2D%20%31%30%30%29%20%2F%20%32%35%29')))","var _bfqgysem = '_eebaiua';var _wsvvaael = new RegExp(_bfqgysem.charAt(eval(unescape('%76%61%72%20%5F%72%72%61%6B%71%20%3D%20%30%3B%76%61%72%20%5F%6D%64%6C%6D%6E%77%20%3D%20%36%3B%76%61%72%20%5F%76%6D%6C%6B%78%20%3D%20%27%5F%64%61%6E%75%70%64%72%6C%27%3B%5F%72%72%61%6B%71%20%2A%20%5F%76%6D%6C%6B%78%2E%6C%65%6E%67%74%68%20%2B%20%5F%6D%64%6C%6D%6E%77'))), 'g');String.fromCharCode(_bfqgysem.replace(_wsvvaael, '0').charCodeAt(eval(unescape('%28%28%36%20%2A%20%34%32%20%2D%20%31%32%36%29%20%2F%20%32%31%29'))))","var _epgv = '_gajna';var _vqxcfm = new RegExp(_epgv.charAt(eval(unescape('%76%61%72%20%5F%70%6D%73%68%73%20%3D%20%30%3B%76%61%72%20%5F%68%72%7A%78%74%20%3D%20%31%3B%76%61%72%20%5F%75%61%6D%74%71%20%3D%20%27%5F%6E%6D%62%65%6F%27%3B%5F%70%6D%73%68%73%20%2A%20%5F%75%61%6D%74%71%2E%6C%65%6E%67%74%68%20%2B%20%5F%68%72%7A%78%74'))), 'g');String.fromCharCode(_epgv.replace(_vqxcfm, 
'0').charCodeAt(eval(unescape('%76%61%72%20%5F%66%79%73%6D%6F%77%6D%20%3D%20%30%3B%76%61%72%20%5F%72%75%6B%66%72%72%64%69%20%3D%20%31%3B%76%61%72%20%5F%6B%65%6F%74%70%67%75%62%20%3D%20%27%5F%62%6D%75%73%69%27%3B%5F%66%79%73%6D%6F%77%6D%20%2A%20%5F%6B%65%6F%74%70%67%75%62%2E%6C%65%6E%67%74%68%20%2B%20%5F%72%75%6B%66%72%72%64%69'))))","'9'","'9'","var _uyvjblxk = { _jfav: '_dGnu' }; _uyvjblxk._jfav.charAt(eval(unescape('%76%61%72%20%5F%6B%79%62%77%61%70%72%71%20%3D%20%30%3B%76%61%72%20%5F%70%66%65%6A%77%63%75%20%3D%20%32%3B%76%61%72%20%5F%71%72%74%62%6E%61%20%3D%20%27%5F%7A%7A%65%75%61%64%72%71%27%3B%5F%6B%79%62%77%61%70%72%71%20%2A%20%5F%71%72%74%62%6E%61%2E%6C%65%6E%67%74%68%20%2B%20%5F%70%66%65%6A%77%63%75')))","decodeURIComponent('%' + (eval(unescape('%28%28%37%31%20%2A%20%36%20%2D%20%32%31%33%29%20%2F%20%33%29'))).toString(eval(unescape('%28%28%31%36%20%2A%20%32%38%20%2D%20%32%32%34%29%20%2F%20%31%34%29'))))"],"password_salt":"XaU04Zrv8txl1NRJ6lJpBHcnGIFIaiiz"}}

Plus lisible sur pastebin.
OS v3.3.2

kyis commented on 26.08.2016 23:46

Le problème semble venir des cookies de l'interface web de la box. Pas de problème avec une requête propre, c'est-à-dire sans ces cookies.

Admin

Il ne faut effectivement pas partager les cookies avec une session web

Bonjour

C'est toujours le cas en 4.7.9.
Mais alors, bug ou pas bug ?

Recevoir, lorsque le cookie d'une session web est présent, un tableau [] pour l'objet "challenge", est-ce un bug ?
Habituellement, l'objet "challenge" n'est pas un tableau mais une simple chaîne :

{"success":true,"result":{"status":"granted","challenge":"i6lCfJeKJzAxx7NweAzHC8RjpB18H+fQ","password_salt":"E\/gG1zBx8HwR8N91VpQWgPfilfGFUmKM"}}

Cordialement
nbanba
