|
16318 | Freebox Server (Ultra V9/ Pop V8/ Delta V7 / Revolution V6 / Mini 4K) | 20/02/2015 | Anomalie | API | Closed | Faille de découverte de code ?? |
Task Description
Voilà le retour que j’ai eu sur la page : http://mafreebox.freebox.fr/api/v1/login/authorize/N
{”success”:true,”result”:{”status”:”granted”,”challenge”:[”var _heldx = { _zxaw: ‘Mnctpig’ }; _heldx._zxaw.charAt(eval(unescape(’%4D%61%74%68%2E%72%6F%75%6E%64%28%30%2E%36%30%29%20%2B%20%30%20%2D%20%31’)))”,”var _puozv = { _fcrs: ‘_kvfrav’ }; _puozv._fcrs.charAt(eval(unescape(’%33’)))”,”var _dqloymg = ‘_lgqm’;var _qrirhfm = new RegExp(_dqloymg.charAt(eval(unescape(’%30’))), ‘g’);String.fromCharCode(_dqloymg.replace(_qrirhfm, ‘C’).charCodeAt(eval(unescape(’%4D%61%74%68%2E%72%6F%75%6E%64%28%30%2E%36%36%29%20%2B%20%30%20%2D%20%31’))))”,”decodeURIComponent(’%’ + (eval(unescape(’%4D%61%74%68%2E%72%6F%75%6E%64%28%34%38%2E%36%39%29%20%2B%20%38%20%2D%20%31’))).toString(eval(unescape(’%76%61%72%20%5F%62%63%79%73%20%3D%20%7B%20%5F%71%6D%62%64%77%64%3A%20%31%34%20%7D%3B%20%5F%62%63%79%73%2E%5F%71%6D%62%64%77%64%20%2B%20%32’))))”,”var _yywc = ‘_znbmmj’;var _nhrv = new RegExp(_yywc.charAt(eval(unescape(’%76%61%72%20%5F%6F%6D%72%72%72%73%71%20%3D%20%7B%20%5F%6B%6B%68%76%66%63%79%3A%20%31%20%7D%3B%20%5F%6F%6D%72%72%72%73%71%2E%5F%6B%6B%68%76%66%63%79%20%2B%20%35’))), ‘g’);String.fromCharCode(_yywc.replace(_nhrv, ‘l’).charCodeAt(eval(unescape(’%76%61%72%20%5F%6E%6C%68%6D%63%6C%6E%68%20%3D%20%31%3B%76%61%72%20%5F%78%71%71%71%72%20%3D%20%30%3B%76%61%72%20%5F%63%72%67%6C%6F%74%20%3D%20%27%5F%6B%72%78%71%7A%27%3B%5F%6E%6C%68%6D%63%6C%6E%68%20%2A%20%5F%63%72%67%6C%6F%74%2E%6C%65%6E%67%74%68%20%2B%20%5F%78%71%71%71%72’))))”,”decodeURIComponent(’%’ + (eval(unescape(’%28%28%37%32%20%2A%20%38%20%2D%20%32%38%38%29%20%2F%20%34%29’))).toString(eval(unescape(’%31%36’))))”,”decodeURIComponent(’%’ + (eval(unescape(’%4D%61%74%68%2E%72%6F%75%6E%64%28%32%30%2E%39%38%29%20%2B%20%33%33%20%2D%20%31’))).toString(eval(unescape(’%28%28%31%36%20%2A%20%33%36%20%2D%20%32%38%38%29%20%2F%20%31%38%29’))))”,”‘z’“,”var _fdhrsh = ‘_plwvdls’;var _xdnzcu = new 
RegExp(_fdhrsh.charAt(eval(unescape(’%76%61%72%20%5F%63%68%75%6E%7A%65%20%3D%20%30%3B%76%61%72%20%5F%78%71%66%6B%72%68%61%20%3D%20%37%3B%76%61%72%20%5F%70%6D%6D%73%64%7A%6E%77%20%3D%20%27%5F%67%6E%6C%76%61%72%72%27%3B%5F%63%68%75%6E%7A%65%20%2A%20%5F%70%6D%6D%73%64%7A%6E%77%2E%6C%65%6E%67%74%68%20%2B%20%5F%78%71%66%6B%72%68%61’))), ‘g’);String.fromCharCode(_fdhrsh.replace(_xdnzcu, ‘A’).charCodeAt(eval(unescape(’%37’))))”,”‘z’“,”var _yetaqy = ‘_fjsne’;var _frxwdgog = new RegExp(_yetaqy.charAt(eval(unescape(’%76%61%72%20%5F%72%61%78%6F%20%3D%20%30%3B%76%61%72%20%5F%65%76%65%6D%20%3D%20%33%3B%76%61%72%20%5F%78%74%6F%72%66%74%63%20%3D%20%27%5F%72%6F%6C%77%63%74%66%27%3B%5F%72%61%78%6F%20%2A%20%5F%78%74%6F%72%66%74%63%2E%6C%65%6E%67%74%68%20%2B%20%5F%65%76%65%6D’))), ‘g’);String.fromCharCode(_yetaqy.replace(_frxwdgog, ‘v’).charCodeAt(eval(unescape(’%4D%61%74%68%2E%72%6F%75%6E%64%28%33%2E%39%38%29%20%2B%20%30%20%2D%20%31’))))”,”var _ddjxrrmi = ‘_eamsplg’;var _wzuikda = new RegExp(_ddjxrrmi.charAt(eval(unescape(’%76%61%72%20%5F%6A%64%78%62%20%3D%20%30%3B%76%61%72%20%5F%62%6B%62%6B%68%74%20%3D%20%33%3B%76%61%72%20%5F%7A%78%6F%65%6D%20%3D%20%27%5F%63%78%68%71%69%77%76%78%27%3B%5F%6A%64%78%62%20%2A%20%5F%7A%78%6F%65%6D%2E%6C%65%6E%67%74%68%20%2B%20%5F%62%6B%62%6B%68%74’))), ‘g’);String.fromCharCode(_ddjxrrmi.replace(_wzuikda, ‘G’).charCodeAt(eval(unescape(’%76%61%72%20%5F%76%78%71%62%75%66%7A%20%3D%20%7B%20%5F%63%66%62%78%3A%20%32%20%7D%3B%20%5F%76%78%71%62%75%66%7A%2E%5F%63%66%62%78%20%2B%20%31’))))”,”decodeURIComponent(’%’ + (eval(unescape(’%76%61%72%20%5F%6B%62%62%6D%71%73%6E%69%20%3D%20%7B%20%5F%65%74%6B%69%65%6C%3A%20%34%36%20%7D%3B%20%5F%6B%62%62%6D%71%73%6E%69%2E%5F%65%74%6B%69%65%6C%20%2B%20%39’))).toString(eval(unescape(’%76%61%72%20%5F%79%65%68%79%69%75%7A%20%3D%20%7B%20%5F%68%79%7A%6E%3A%20%30%20%7D%3B%20%5F%79%65%68%79%69%75%7A%2E%5F%68%79%7A%6E%20%2B%20%31%36’))))”,”‘f’“,”var _naau = { _zbeuzrue: ‘_pajVta’ }; _naau._zbeuzrue.charAt(eval(unescape(’%34’)))”,”var 
_mabd = ‘_bsvtpa’;var _mccjr = new RegExp(_mabd.charAt(eval(unescape(’%76%61%72%20%5F%74%67%63%6B%20%3D%20%30%3B%76%61%72%20%5F%78%72%71%61%20%3D%20%31%3B%76%61%72%20%5F%6C%6C%62%70%6F%20%3D%20%27%5F%77%75%72%64%6D%74%76%27%3B%5F%74%67%63%6B%20%2A%20%5F%6C%6C%62%70%6F%2E%6C%65%6E%67%74%68%20%2B%20%5F%78%72%71%61’))), ‘g’);String.fromCharCode(_mabd.replace(_mccjr, ‘1’).charCodeAt(eval(unescape(’%4D%61%74%68%2E%72%6F%75%6E%64%28%30%2E%39%36%29%20%2B%20%31%20%2D%20%31’))))”,”var _iwgs = ‘_jsadlz’;var _yirdzd = new RegExp(_iwgs.charAt(eval(unescape(’%4D%61%74%68%2E%72%6F%75%6E%64%28%31%2E%36%35%29%20%2B%20%31%20%2D%20%31’))), ‘g’);String.fromCharCode(_iwgs.replace(_yirdzd, ‘6’).charCodeAt(eval(unescape(’%28%28%32%20%2A%20%33%34%20%2D%20%33%34%29%20%2F%20%31%37%29’))))”,”var _wabt = { _ytdhuux: ‘_rzkzjj’ }; _wabt._ytdhuux.charAt(eval(unescape(’%34’)))”,”‘K’“,”var _trimzgf = ‘_wpjlqcc’;var _rbrvkig = new RegExp(_trimzgf.charAt(eval(unescape(’%33’))), ‘g’);String.fromCharCode(_trimzgf.replace(_rbrvkig, ‘X’).charCodeAt(eval(unescape(’%76%61%72%20%5F%6F%75%68%68%61%20%3D%20%30%3B%76%61%72%20%5F%73%71%78%64%68%79%66%7A%20%3D%20%33%3B%76%61%72%20%5F%74%67%6A%78%6A%20%3D%20%27%5F%6C%6A%6E%69%6E%62%74%6E%27%3B%5F%6F%75%68%68%61%20%2A%20%5F%74%67%6A%78%6A%2E%6C%65%6E%67%74%68%20%2B%20%5F%73%71%78%64%68%79%66%7A’))))”,”var _hwwhun = { _dwluuo: ‘_tqjopm6’ }; _hwwhun._dwluuo.charAt(eval(unescape(’%76%61%72%20%5F%71%78%6D%6F%63%20%3D%20%31%3B%76%61%72%20%5F%61%68%6A%69%6C%65%61%6D%20%3D%20%32%3B%76%61%72%20%5F%61%78%79%65%65%6A%6F%20%3D%20%27%5F%71%65%6C%6E%27%3B%5F%71%78%6D%6F%63%20%2A%20%5F%61%78%79%65%65%6A%6F%2E%6C%65%6E%67%74%68%20%2B%20%5F%61%68%6A%69%6C%65%61%6D’)))”,”decodeURIComponent(’%’ + (eval(unescape(’%28%28%36%37%20%2A%20%35%30%20%2D%20%31%36%37%35%29%20%2F%20%32%35%29’))).toString(eval(unescape(’%31%36’))))”,”var _zoda = ‘_wmcccep’;var _rehijoiw = new 
RegExp(_zoda.charAt(eval(unescape(’%76%61%72%20%5F%74%75%61%67%20%3D%20%31%3B%76%61%72%20%5F%78%63%68%67%77%65%78%76%20%3D%20%30%3B%76%61%72%20%5F%69%64%6B%6C%6A%69%66%20%3D%20%27%5F%75%6C%75%74%7A%27%3B%5F%74%75%61%67%20%2A%20%5F%69%64%6B%6C%6A%69%66%2E%6C%65%6E%67%74%68%20%2B%20%5F%78%63%68%67%77%65%78%76’))), ‘g’);String.fromCharCode(_zoda.replace(_rehijoiw, ‘g’).charCodeAt(eval(unescape(’%76%61%72%20%5F%72%61%7A%6E%20%3D%20%30%3B%76%61%72%20%5F%78%78%73%7A%65%69%20%3D%20%36%3B%76%61%72%20%5F%72%6D%6C%69%64%75%6D%6E%20%3D%20%27%5F%7A%6F%73%6E%6F%6E%7A%6D%27%3B%5F%72%61%7A%6E%20%2A%20%5F%72%6D%6C%69%64%75%6D%6E%2E%6C%65%6E%67%74%68%20%2B%20%5F%78%78%73%7A%65%69’))))”,”var _trrhqlxa = { _qtgbe: ‘rrbsclc’ }; _trrhqlxa._qtgbe.charAt(eval(unescape(’%76%61%72%20%5F%70%66%74%61%64%74%20%3D%20%7B%20%5F%78%6A%6D%70%3A%20%30%20%7D%3B%20%5F%70%66%74%61%64%74%2E%5F%78%6A%6D%70%20%2B%20%30’)))”,”decodeURIComponent(’%’ + (eval(unescape(’%76%61%72%20%5F%73%63%74%76%61%6B%20%3D%20%31%38%3B%76%61%72%20%5F%72%67%76%70%20%3D%20%33%3B%76%61%72%20%5F%6E%72%63%6F%76%72%75%20%3D%20%27%5F%65%61%79%6C%69%27%3B%5F%73%63%74%76%61%6B%20%2A%20%5F%6E%72%63%6F%76%72%75%2E%6C%65%6E%67%74%68%20%2B%20%5F%72%67%76%70’))).toString(eval(unescape(’%4D%61%74%68%2E%72%6F%75%6E%64%28%36%2E%38%35%29%20%2B%20%31%30%20%2D%20%31’))))”,”var _hree = ‘_zonqf’;var _ihvd = new RegExp(_hree.charAt(eval(unescape(’%76%61%72%20%5F%67%79%6B%66%20%3D%20%30%3B%76%61%72%20%5F%72%66%74%6F%65%6A%20%3D%20%30%3B%76%61%72%20%5F%74%68%78%79%64%66%20%3D%20%27%5F%64%65%65%7A%27%3B%5F%67%79%6B%66%20%2A%20%5F%74%68%78%79%64%66%2E%6C%65%6E%67%74%68%20%2B%20%5F%72%66%74%6F%65%6A’))), ‘g’);String.fromCharCode(_hree.replace(_ihvd, ‘Z’).charCodeAt(eval(unescape(’%28%28%30%20%2A%20%31%30%20%2D%20%30%29%20%2F%20%35%29’))))”,”‘j’“,”var _iznsvu = { _qeiabb: ‘_wzgdvsnf’ }; _iznsvu._qeiabb.charAt(eval(unescape(’%32’)))”,”decodeURIComponent(’%’ + 
(eval(unescape(’%28%28%36%38%20%2A%20%32%36%20%2D%20%38%38%34%29%20%2F%20%31%33%29’))).toString(eval(unescape(’%28%28%31%36%20%2A%20%35%30%20%2D%20%34%30%30%29%20%2F%20%32%35%29’))))”,”‘3’“,”var _bpaugoya = { _aogt: ‘_luhsksop’ }; _bpaugoya._aogt.charAt(eval(unescape(’%76%61%72%20%5F%63%70%62%6A%74%73%20%3D%20%7B%20%5F%74%67%6F%64%77%66%6C%68%3A%20%32%20%7D%3B%20%5F%63%70%62%6A%74%73%2E%5F%74%67%6F%64%77%66%6C%68%20%2B%20%31’)))”,”decodeURIComponent(’%’ + (eval(unescape(’%28%28%39%37%20%2A%20%33%30%20%2D%20%31%34%35%35%29%20%2F%20%31%35%29’))).toString(eval(unescape(’%31%36’))))”],”password_salt”:”CENSURED”}}
Cela se reproduit à chaque requête et ressemble bien à une faille, mais ce soir j’ai vraiment la flemme de chercher plus loin et je ne pense pas qu’il y ait besoin de proof of concept dans tous les cas.
Cordialement.
|
|
15800 | Freebox Server (Ultra V9/ Pop V8/ Delta V7 / Revolution V6 / Mini 4K) | 14/09/2014 | Anomalie | Bridge | Closed | Impossible de router IPv6 en mode bridge |
Task Description
Bonjour,
J’ai besoin d’utiliser ma Freebox en mode Bridge, pour l’IPv4 en NAT tout fonctionne, j’utilise pfSense.
Par contre, pour l’IPv6, qui fonctionne correctement avec OVH en mode bridge, il est impossible de le faire fonctionner avec la Freebox, comme si le modem était configuré en mode routeur.
Un workaround existe : faire un pont entre les deux interfaces pour que le trafic IPv6 passe directement vers la Freebox, mais dans la configuration actuelle il n’est pas aisé de le mettre en place.
Si le modem OVH, un Technicolor, est capable de me permettre de router l’IPv6 via pfSense en natif, je pense qu’une modification du routage bridge de la Freebox le permettra aussi.
Cordialement.
|
|
14547 | Freebox Server (Ultra V9/ Pop V8/ Delta V7 / Revolution V6 / Mini 4K) | 01/04/2014 | Évolution | Téléphonie | Closed | Appels SIP sortants |
Task Description
Bonjour, de plus en plus de matériel devient incompatible avec les lignes téléphoniques PSTN ; de ce fait, nous sommes obligés de passer par Freephonie. Le problème est que, même depuis son domicile avec l’adresse IP de la Freebox, il nous est impossible de contacter les téléphones mobiles et les numéros spéciaux.
Nous avons alors deux solutions : la première est de changer de fournisseur de service, ce qui implique des frais supplémentaires mensuellement ; la seconde implique l’usage d’une passerelle VoIP du genre SPA3102, qui permettra d’utiliser la ligne PSTN depuis les téléphones IP, mais avec une qualité de son à la limite de l’acceptable.
Je demande donc à Free de moderniser son système et de permettre un usage Full-IP de la ligne téléphonique, au moins depuis l’IP de la Freebox, ou de nous laisser la possibilité d’avoir une dérogation.
C’est vraiment dommage que Free ait toute une infrastructure qui devient presque inutilisable à cause de restrictions.
|