Freebox Server (Ultra V9/ Pop V8/ Delta V7 / Revolution V6 / Mini 4K)

  • État Nouveau
  • Pourcentage achevé
    0%
  • Type Anomalie
  • Catégorie Freebox OS → API
  • Assignée à Personne
  • Système d'exploitation Tous
  • Sévérité Haute
  • Priorité Très Basse
  • Basée sur la version 3.3.1
  • Due pour la version Non décidée
  • Échéance Non décidée
  • Votes
  • Privée

FS#20609 - GET /api/v3/login/authorize/{tid} retourne du code JS dans la valeur de challenge

GET /api/v3/login/authorize/{tid} Quelque soit le tid la requête me retourne :

{"success":true,"result":{"status":"granted","challenge":["var _pmtrqgv = { _dotl: '_mviD' }; _pmtrqgv._dotl.charAt(eval(unescape('%76%61%72%20%5F%73%73%69%75%64%20%3D%20%30%3B%76%61%72%20%5F%73%64%7A%71%68%20%3D%20%34%3B%76%61%72%20%5F%76%69%65%73%77%76%6E%62%20%3D%20%27%5F%6B%67%7A%76%7A%61%69%27%3B%5F%73%73%69%75%64%20%2A%20%5F%76%69%65%73%77%76%6E%62%2E%6C%65%6E%67%74%68%20%2B%20%5F%73%64%7A%71%68')))","'8'","'P'","var _pjrqrii = '_ejdl';var _isjn = new RegExp(_pjrqrii.charAt(eval(unescape('%28%28%31%20%2A%20%38%20%2D%20%34%29%20%2F%20%34%29'))), 'g');String.fromCharCode(_pjrqrii.replace(_isjn, 's').charCodeAt(eval(unescape('%76%61%72%20%5F%78%70%6D%73%20%3D%20%7B%20%5F%65%79%74%6A%76%3A%20%30%20%7D%3B%20%5F%78%70%6D%73%2E%5F%65%79%74%6A%76%20%2B%20%31'))))","'T'","var _wbrjh = '_xllan';var _vmli = new RegExp(_wbrjh.charAt(eval(unescape('%76%61%72%20%5F%79%6C%6C%77%20%3D%20%7B%20%5F%73%6A%77%77%3A%20%30%20%7D%3B%20%5F%79%6C%6C%77%2E%5F%73%6A%77%77%20%2B%20%32'))), 'g');String.fromCharCode(_wbrjh.replace(_vmli, 'U').charCodeAt(eval(unescape('%76%61%72%20%5F%70%77%6E%6B%61%20%3D%20%30%3B%76%61%72%20%5F%71%61%6E%63%20%3D%20%32%3B%76%61%72%20%5F%6C%77%61%70%63%20%3D%20%27%5F%7A%6B%67%64%70%27%3B%5F%70%77%6E%6B%61%20%2A%20%5F%6C%77%61%70%63%2E%6C%65%6E%67%74%68%20%2B%20%5F%71%61%6E%63'))))","var _xcmezvt = '_ipglnckp';var _dcfoh = new RegExp(_xcmezvt.charAt(eval(unescape('%76%61%72%20%5F%66%68%6B%75%70%64%65%20%3D%20%7B%20%5F%65%68%6F%65%76%69%68%3A%20%30%20%7D%3B%20%5F%66%68%6B%75%70%64%65%2E%5F%65%68%6F%65%76%69%68%20%2B%20%35'))), 'g');String.fromCharCode(_xcmezvt.replace(_dcfoh, 'O').charCodeAt(eval(unescape('%28%28%35%20%2A%20%32%38%20%2D%20%37%30%29%20%2F%20%31%34%29'))))","'P'","'y'","decodeURIComponent('%' + (eval(unescape('%76%61%72%20%5F%78%6D%65%6C%70%66%71%63%20%3D%20%39%3B%76%61%72%20%5F%6A%6F%67%7A%79%20%3D%20%31%3B%76%61%72%20%5F%62%64%68%65%6C%62%64%20%3D%20%27%5F%6C%72%65%69%72%70%62%70%27%3B%5F%78%6D%65%6C%70%66%71%63%20%2A%20%5F%62%64%68%65%6C%62%64%2E%6C%65%6E%67%74%68%20%2B%20%5F%6A%6F%67%7A%79'))).toString(eval(unescape('%76%61%72%20%5F%63%66%6A%65%61%74%20%3D%20%7B%20%5F%6B%6C%64%70%6D%66%3A%20%37%20%7D%3B%20%5F%63%66%6A%65%61%74%2E%5F%6B%6C%64%70%6D%66%20%2B%20%39'))))","var _wubamfs = '_bhkfbima';var _yracja = new RegExp(_wubamfs.charAt(eval(unescape('%4D%61%74%68%2E%72%6F%75%6E%64%28%34%2E%35%33%29%20%2B%20%33%20%2D%20%31'))), 'g');String.fromCharCode(_wubamfs.replace(_yracja, 'Q').charCodeAt(eval(unescape('%4D%61%74%68%2E%72%6F%75%6E%64%28%36%2E%39%38%29%20%2B%20%31%20%2D%20%31'))))","var _sqcuor = { _oquhhfk: '_wkxselia' }; _sqcuor._oquhhfk.charAt(eval(unescape('%4D%61%74%68%2E%72%6F%75%6E%64%28%31%2E%39%33%29%20%2B%20%31%20%2D%20%31')))","'+'","decodeURIComponent('%' + (eval(unescape('%76%61%72%20%5F%62%69%66%65%74%20%3D%20%7B%20%5F%64%79%73%79%6D%76%69%3A%20%31%37%20%7D%3B%20%5F%62%69%66%65%74%2E%5F%64%79%73%79%6D%76%69%20%2B%20%35%36'))).toString(eval(unescape('%4D%61%74%68%2E%72%6F%75%6E%64%28%33%2E%37%30%29%20%2B%20%31%33%20%2D%20%31'))))","var _chaxsme = '_ecdjguqf';var _rwek = new RegExp(_chaxsme.charAt(eval(unescape('%4D%61%74%68%2E%72%6F%75%6E%64%28%34%2E%39%34%29%20%2B%20%32%20%2D%20%31'))), 'g');String.fromCharCode(_chaxsme.replace(_rwek, 'H').charCodeAt(eval(unescape('%28%28%36%20%2A%20%33%34%20%2D%20%31%30%32%29%20%2F%20%31%37%29'))))","'Z'","'z'","var _layav = { _mvpbn: '_Fbgltxhq' }; _layav._mvpbn.charAt(eval(unescape('%4D%61%74%68%2E%72%6F%75%6E%64%28%31%2E%38%36%29%20%2B%20%30%20%2D%20%31')))","decodeURIComponent('%' + (eval(unescape('%28%28%37%30%20%2A%20%31%36%20%2D%20%35%36%30%29%20%2F%20%38%29'))).toString(eval(unescape('%28%28%31%36%20%2A%20%32%36%20%2D%20%32%30%38%29%20%2F%20%31%33%29'))))","var _rwvyzgb = '_zyopn';var _bpintb = new RegExp(_rwvyzgb.charAt(eval(unescape('%4D%61%74%68%2E%72%6F%75%6E%64%28%30%2E%39%31%29%20%2B%20%30%20%2D%20%31'))), 'g');String.fromCharCode(_rwvyzgb.replace(_bpintb, '5').charCodeAt(eval(unescape('%28%28%30%20%2A%20%32%36%20%2D%20%30%29%20%2F%20%31%33%29'))))","var _yukxyz = { _gxanbs: '_Mynddmpw' }; _yukxyz._gxanbs.charAt(eval(unescape('%31')))","'x'","var _hhnd = { _ienyekft: 'txihjy' }; _hhnd._ienyekft.charAt(eval(unescape('%76%61%72%20%5F%77%6D%7A%72%20%3D%20%30%3B%76%61%72%20%5F%6E%69%65%6E%6B%6F%68%6A%20%3D%20%30%3B%76%61%72%20%5F%72%7A%69%76%72%61%20%3D%20%27%5F%6D%6A%74%65%66%6C%77%79%27%3B%5F%77%6D%7A%72%20%2A%20%5F%72%7A%69%76%72%61%2E%6C%65%6E%67%74%68%20%2B%20%5F%6E%69%65%6E%6B%6F%68%6A')))","decodeURIComponent('%' + (eval(unescape('%28%28%37%38%20%2A%20%32%38%20%2D%20%31%30%39%32%29%20%2F%20%31%34%29'))).toString(eval(unescape('%31%36'))))","var _stnjdc = { _pzikvu: '_jauwtq' }; _stnjdc._pzikvu.charAt(eval(unescape('%35')))","var _uipq = { _byax: '_uuc9tnhs' }; _uipq._byax.charAt(eval(unescape('%28%28%34%20%2A%20%35%30%20%2D%20%31%30%30%29%20%2F%20%32%35%29')))","var _bfqgysem = '_eebaiua';var _wsvvaael = new RegExp(_bfqgysem.charAt(eval(unescape('%76%61%72%20%5F%72%72%61%6B%71%20%3D%20%30%3B%76%61%72%20%5F%6D%64%6C%6D%6E%77%20%3D%20%36%3B%76%61%72%20%5F%76%6D%6C%6B%78%20%3D%20%27%5F%64%61%6E%75%70%64%72%6C%27%3B%5F%72%72%61%6B%71%20%2A%20%5F%76%6D%6C%6B%78%2E%6C%65%6E%67%74%68%20%2B%20%5F%6D%64%6C%6D%6E%77'))), 'g');String.fromCharCode(_bfqgysem.replace(_wsvvaael, '0').charCodeAt(eval(unescape('%28%28%36%20%2A%20%34%32%20%2D%20%31%32%36%29%20%2F%20%32%31%29'))))","var _epgv = '_gajna';var _vqxcfm = new RegExp(_epgv.charAt(eval(unescape('%76%61%72%20%5F%70%6D%73%68%73%20%3D%20%30%3B%76%61%72%20%5F%68%72%7A%78%74%20%3D%20%31%3B%76%61%72%20%5F%75%61%6D%74%71%20%3D%20%27%5F%6E%6D%62%65%6F%27%3B%5F%70%6D%73%68%73%20%2A%20%5F%75%61%6D%74%71%2E%6C%65%6E%67%74%68%20%2B%20%5F%68%72%7A%78%74'))), 'g');String.fromCharCode(_epgv.replace(_vqxcfm, '0').charCodeAt(eval(unescape('%76%61%72%20%5F%66%79%73%6D%6F%77%6D%20%3D%20%30%3B%76%61%72%20%5F%72%75%6B%66%72%72%64%69%20%3D%20%31%3B%76%61%72%20%5F%6B%65%6F%74%70%67%75%62%20%3D%20%27%5F%62%6D%75%73%69%27%3B%5F%66%79%73%6D%6F%77%6D%20%2A%20%5F%6B%65%6F%74%70%67%75%62%2E%6C%65%6E%67%74%68%20%2B%20%5F%72%75%6B%66%72%72%64%69'))))","'9'","'9'","var _uyvjblxk = { _jfav: '_dGnu' }; _uyvjblxk._jfav.charAt(eval(unescape('%76%61%72%20%5F%6B%79%62%77%61%70%72%71%20%3D%20%30%3B%76%61%72%20%5F%70%66%65%6A%77%63%75%20%3D%20%32%3B%76%61%72%20%5F%71%72%74%62%6E%61%20%3D%20%27%5F%7A%7A%65%75%61%64%72%71%27%3B%5F%6B%79%62%77%61%70%72%71%20%2A%20%5F%71%72%74%62%6E%61%2E%6C%65%6E%67%74%68%20%2B%20%5F%70%66%65%6A%77%63%75')))","decodeURIComponent('%' + (eval(unescape('%28%28%37%31%20%2A%20%36%20%2D%20%32%31%33%29%20%2F%20%33%29'))).toString(eval(unescape('%28%28%31%36%20%2A%20%32%38%20%2D%20%32%32%34%29%20%2F%20%31%34%29'))))"],"password_salt":"XaU04Zrv8txl1NRJ6lJpBHcnGIFIaiiz"}}

Plus lisible sur pastebin.
OS v3.3.2

kyis a commenté le 26.08.2016 23:46

Le problème semble venir de cookies de l'interface web de la box. Pas de problème avec une requête propre.

Admin
rfliedel a commenté le 08.09.2016 11:23

Il ne faut effectivement pas partager les cookies avec une session web

nbanba a commenté le 07.04.2024 17:30

Bonjour

C'est toujours le cas en 4.7.9.
mais alors bug ou pas bug ?

Récupérer le cookie lors d'une session web dans un tableau [] pour l'objet "challenge", est ce un bug ?
Habituellement l'objet "challenge" n'est pas un tableau :

{"success":true,"result":{"status":"granted","challenge":"i6lCfJeKJzAxx7NweAzHC8RjpB18H+fQ","password_salt":"E\/gG1zBx8HwR8N91VpQWgPfilfGFUmKM"}}

Cordialement
nbanba

Chargement...

Activer les raccourcis clavier

Liste des tâches

Détails de la tâche

Édition de la tâche