- État Nouveau
- Pourcentage achevé
- Type Anomalie
- Catégorie Freebox OS → API
- Assignée à Personne
- Système d'exploitation Tous
- Sévérité Haute
- Priorité Très Basse
- Basée sur la version 3.3.1
- Due pour la version Non décidée
-
Échéance
Non décidée
- Votes
- Privée
Concerne le projet: Freebox Server (Ultra V9/ Pop V8/ Delta V7 / Revolution V6 / Mini 4K)
Ouverte par kyis - 26/08/2016
Ouverte par kyis - 26/08/2016
FS#20609 - GET /api/v3/login/authorize/{tid} retourne du code JS dans la valeur de challenge
GET /api/v3/login/authorize/{tid} Quelque soit le tid la requête me retourne :
{"success":true,"result":{"status":"granted","challenge":["var _pmtrqgv = { _dotl: '_mviD' }; _pmtrqgv._dotl.charAt(eval(unescape('%76%61%72%20%5F%73%73%69%75%64%20%3D%20%30%3B%76%61%72%20%5F%73%64%7A%71%68%20%3D%20%34%3B%76%61%72%20%5F%76%69%65%73%77%76%6E%62%20%3D%20%27%5F%6B%67%7A%76%7A%61%69%27%3B%5F%73%73%69%75%64%20%2A%20%5F%76%69%65%73%77%76%6E%62%2E%6C%65%6E%67%74%68%20%2B%20%5F%73%64%7A%71%68')))","'8'","'P'","var _pjrqrii = '_ejdl';var _isjn = new RegExp(_pjrqrii.charAt(eval(unescape('%28%28%31%20%2A%20%38%20%2D%20%34%29%20%2F%20%34%29'))), 'g');String.fromCharCode(_pjrqrii.replace(_isjn, 's').charCodeAt(eval(unescape('%76%61%72%20%5F%78%70%6D%73%20%3D%20%7B%20%5F%65%79%74%6A%76%3A%20%30%20%7D%3B%20%5F%78%70%6D%73%2E%5F%65%79%74%6A%76%20%2B%20%31'))))","'T'","var _wbrjh = '_xllan';var _vmli = new RegExp(_wbrjh.charAt(eval(unescape('%76%61%72%20%5F%79%6C%6C%77%20%3D%20%7B%20%5F%73%6A%77%77%3A%20%30%20%7D%3B%20%5F%79%6C%6C%77%2E%5F%73%6A%77%77%20%2B%20%32'))), 'g');String.fromCharCode(_wbrjh.replace(_vmli, 'U').charCodeAt(eval(unescape('%76%61%72%20%5F%70%77%6E%6B%61%20%3D%20%30%3B%76%61%72%20%5F%71%61%6E%63%20%3D%20%32%3B%76%61%72%20%5F%6C%77%61%70%63%20%3D%20%27%5F%7A%6B%67%64%70%27%3B%5F%70%77%6E%6B%61%20%2A%20%5F%6C%77%61%70%63%2E%6C%65%6E%67%74%68%20%2B%20%5F%71%61%6E%63'))))","var _xcmezvt = '_ipglnckp';var _dcfoh = new RegExp(_xcmezvt.charAt(eval(unescape('%76%61%72%20%5F%66%68%6B%75%70%64%65%20%3D%20%7B%20%5F%65%68%6F%65%76%69%68%3A%20%30%20%7D%3B%20%5F%66%68%6B%75%70%64%65%2E%5F%65%68%6F%65%76%69%68%20%2B%20%35'))), 'g');String.fromCharCode(_xcmezvt.replace(_dcfoh, 'O').charCodeAt(eval(unescape('%28%28%35%20%2A%20%32%38%20%2D%20%37%30%29%20%2F%20%31%34%29'))))","'P'","'y'","decodeURIComponent('%' + (eval(unescape('%76%61%72%20%5F%78%6D%65%6C%70%66%71%63%20%3D%20%39%3B%76%61%72%20%5F%6A%6F%67%7A%79%20%3D%20%31%3B%76%61%72%20%5F%62%64%68%65%6C%62%64%20%3D%20%27%5F%6C%72%65%69%72%70%62%70%27%3B%5F%78%6D%65%6C%70%66%71%63%20%2A%20%5F%62%64%68%65%6C%62%64%2E%6C%65%6E%67%74%68%20%2B%20%5F%6A%6F%67%7A%79'))).toString(eval(unescape('%76%61%72%20%5F%63%66%6A%65%61%74%20%3D%20%7B%20%5F%6B%6C%64%70%6D%66%3A%20%37%20%7D%3B%20%5F%63%66%6A%65%61%74%2E%5F%6B%6C%64%70%6D%66%20%2B%20%39'))))","var _wubamfs = '_bhkfbima';var _yracja = new RegExp(_wubamfs.charAt(eval(unescape('%4D%61%74%68%2E%72%6F%75%6E%64%28%34%2E%35%33%29%20%2B%20%33%20%2D%20%31'))), 'g');String.fromCharCode(_wubamfs.replace(_yracja, 'Q').charCodeAt(eval(unescape('%4D%61%74%68%2E%72%6F%75%6E%64%28%36%2E%39%38%29%20%2B%20%31%20%2D%20%31'))))","var _sqcuor = { _oquhhfk: '_wkxselia' }; _sqcuor._oquhhfk.charAt(eval(unescape('%4D%61%74%68%2E%72%6F%75%6E%64%28%31%2E%39%33%29%20%2B%20%31%20%2D%20%31')))","'+'","decodeURIComponent('%' + (eval(unescape('%76%61%72%20%5F%62%69%66%65%74%20%3D%20%7B%20%5F%64%79%73%79%6D%76%69%3A%20%31%37%20%7D%3B%20%5F%62%69%66%65%74%2E%5F%64%79%73%79%6D%76%69%20%2B%20%35%36'))).toString(eval(unescape('%4D%61%74%68%2E%72%6F%75%6E%64%28%33%2E%37%30%29%20%2B%20%31%33%20%2D%20%31'))))","var _chaxsme = '_ecdjguqf';var _rwek = new RegExp(_chaxsme.charAt(eval(unescape('%4D%61%74%68%2E%72%6F%75%6E%64%28%34%2E%39%34%29%20%2B%20%32%20%2D%20%31'))), 'g');String.fromCharCode(_chaxsme.replace(_rwek, 'H').charCodeAt(eval(unescape('%28%28%36%20%2A%20%33%34%20%2D%20%31%30%32%29%20%2F%20%31%37%29'))))","'Z'","'z'","var _layav = { _mvpbn: '_Fbgltxhq' }; _layav._mvpbn.charAt(eval(unescape('%4D%61%74%68%2E%72%6F%75%6E%64%28%31%2E%38%36%29%20%2B%20%30%20%2D%20%31')))","decodeURIComponent('%' + (eval(unescape('%28%28%37%30%20%2A%20%31%36%20%2D%20%35%36%30%29%20%2F%20%38%29'))).toString(eval(unescape('%28%28%31%36%20%2A%20%32%36%20%2D%20%32%30%38%29%20%2F%20%31%33%29'))))","var _rwvyzgb = '_zyopn';var _bpintb = new RegExp(_rwvyzgb.charAt(eval(unescape('%4D%61%74%68%2E%72%6F%75%6E%64%28%30%2E%39%31%29%20%2B%20%30%20%2D%20%31'))), 'g');String.fromCharCode(_rwvyzgb.replace(_bpintb, '5').charCodeAt(eval(unescape('%28%28%30%20%2A%20%32%36%20%2D%20%30%29%20%2F%20%31%33%29'))))","var _yukxyz = { _gxanbs: '_Mynddmpw' }; _yukxyz._gxanbs.charAt(eval(unescape('%31')))","'x'","var _hhnd = { _ienyekft: 'txihjy' }; _hhnd._ienyekft.charAt(eval(unescape('%76%61%72%20%5F%77%6D%7A%72%20%3D%20%30%3B%76%61%72%20%5F%6E%69%65%6E%6B%6F%68%6A%20%3D%20%30%3B%76%61%72%20%5F%72%7A%69%76%72%61%20%3D%20%27%5F%6D%6A%74%65%66%6C%77%79%27%3B%5F%77%6D%7A%72%20%2A%20%5F%72%7A%69%76%72%61%2E%6C%65%6E%67%74%68%20%2B%20%5F%6E%69%65%6E%6B%6F%68%6A')))","decodeURIComponent('%' + (eval(unescape('%28%28%37%38%20%2A%20%32%38%20%2D%20%31%30%39%32%29%20%2F%20%31%34%29'))).toString(eval(unescape('%31%36'))))","var _stnjdc = { _pzikvu: '_jauwtq' }; _stnjdc._pzikvu.charAt(eval(unescape('%35')))","var _uipq = { _byax: '_uuc9tnhs' }; _uipq._byax.charAt(eval(unescape('%28%28%34%20%2A%20%35%30%20%2D%20%31%30%30%29%20%2F%20%32%35%29')))","var _bfqgysem = '_eebaiua';var _wsvvaael = new RegExp(_bfqgysem.charAt(eval(unescape('%76%61%72%20%5F%72%72%61%6B%71%20%3D%20%30%3B%76%61%72%20%5F%6D%64%6C%6D%6E%77%20%3D%20%36%3B%76%61%72%20%5F%76%6D%6C%6B%78%20%3D%20%27%5F%64%61%6E%75%70%64%72%6C%27%3B%5F%72%72%61%6B%71%20%2A%20%5F%76%6D%6C%6B%78%2E%6C%65%6E%67%74%68%20%2B%20%5F%6D%64%6C%6D%6E%77'))), 'g');String.fromCharCode(_bfqgysem.replace(_wsvvaael, '0').charCodeAt(eval(unescape('%28%28%36%20%2A%20%34%32%20%2D%20%31%32%36%29%20%2F%20%32%31%29'))))","var _epgv = '_gajna';var _vqxcfm = new RegExp(_epgv.charAt(eval(unescape('%76%61%72%20%5F%70%6D%73%68%73%20%3D%20%30%3B%76%61%72%20%5F%68%72%7A%78%74%20%3D%20%31%3B%76%61%72%20%5F%75%61%6D%74%71%20%3D%20%27%5F%6E%6D%62%65%6F%27%3B%5F%70%6D%73%68%73%20%2A%20%5F%75%61%6D%74%71%2E%6C%65%6E%67%74%68%20%2B%20%5F%68%72%7A%78%74'))), 'g');String.fromCharCode(_epgv.replace(_vqxcfm, '0').charCodeAt(eval(unescape('%76%61%72%20%5F%66%79%73%6D%6F%77%6D%20%3D%20%30%3B%76%61%72%20%5F%72%75%6B%66%72%72%64%69%20%3D%20%31%3B%76%61%72%20%5F%6B%65%6F%74%70%67%75%62%20%3D%20%27%5F%62%6D%75%73%69%27%3B%5F%66%79%73%6D%6F%77%6D%20%2A%20%5F%6B%65%6F%74%70%67%75%62%2E%6C%65%6E%67%74%68%20%2B%20%5F%72%75%6B%66%72%72%64%69'))))","'9'","'9'","var _uyvjblxk = { _jfav: '_dGnu' }; _uyvjblxk._jfav.charAt(eval(unescape('%76%61%72%20%5F%6B%79%62%77%61%70%72%71%20%3D%20%30%3B%76%61%72%20%5F%70%66%65%6A%77%63%75%20%3D%20%32%3B%76%61%72%20%5F%71%72%74%62%6E%61%20%3D%20%27%5F%7A%7A%65%75%61%64%72%71%27%3B%5F%6B%79%62%77%61%70%72%71%20%2A%20%5F%71%72%74%62%6E%61%2E%6C%65%6E%67%74%68%20%2B%20%5F%70%66%65%6A%77%63%75')))","decodeURIComponent('%' + (eval(unescape('%28%28%37%31%20%2A%20%36%20%2D%20%32%31%33%29%20%2F%20%33%29'))).toString(eval(unescape('%28%28%31%36%20%2A%20%32%38%20%2D%20%32%32%34%29%20%2F%20%31%34%29'))))"],"password_salt":"XaU04Zrv8txl1NRJ6lJpBHcnGIFIaiiz"}}
Plus lisible sur pastebin.
OS v3.3.2
Chargement...
Activer les raccourcis clavier
- Alt + ⇧ Shift + l Se connecter/Se déconnecter
- Alt + ⇧ Shift + a Ouvrir une tâche
- Alt + ⇧ Shift + m Mes recherches
- Alt + ⇧ Shift + t Rechercher par ID de tâche
Liste des tâches
- o Ouvrir la tâche sélectionnée
- j Déplacer le curseur vers le bas
- k Déplacer le curseur vers le haut
Détails de la tâche
- n Tâche suivante
- p Tâche précédente
- Alt + ⇧ Shift + e ↵ Enter Modifier cette tâche
- Alt + ⇧ Shift + w Surveiller
- Alt + ⇧ Shift + y Fermer cette tâche
Édition de la tâche
- Alt + ⇧ Shift + s Enregistrer la tâche
Le problème semble venir de cookies de l'interface web de la box. Pas de problème avec une requête propre.
Il ne faut effectivement pas partager les cookies avec une session web
Bonjour
C'est toujours le cas en 4.7.9.
mais alors bug ou pas bug ?
Récupérer le cookie lors d'une session web dans un tableau [] pour l'objet "challenge", est ce un bug ?
Habituellement l'objet "challenge" n'est pas un tableau :
Cordialement
nbanba