younessesoft 0 Posted January 30, 2020
Peace be upon you, and the mercy and blessings of God.
There is a vulnerability, which is that the user can use traffic-tracing programs such as httpdebugger and fiddler.
For example, when clicking on the channel http://188.227.58.45...itrate=10000000 a JSON response like this one comes back:
{"MediaSources" : [{"Bitrate" : 4701564,"Container" : "mp4","DefaultAudioStreamIndex" : 1,"Formats" : [],"Id" : "xxxxxxxx","IsInfiniteStream" : true,"IsRemote" : true,"LiveStreamId" : "060422ce6fdf19fc9ecfaaeb4_01413a525b3a96642d7a329","MediaStreams" : [{"AspectRatio" : "16:9","AverageFrameRate" : 29,00000000000000,"BitDepth" : 8,"BitRate" : 4499145,"Codec" : "h264","CodecTag" : "avc1","CodecTimeBase" : "15868574/951162363","ColorPrimaries" : "bt709","ColorSpace" : "bt709","ColorTransfer" : "bt709","DisplayTitle" : "720p H264","Height" : 720,"Index" : 0,"IsAVC" : true,"IsAnamorphic" : false,"IsDefault" : true,"IsExternal" : false,"IsForced" : false,"IsInterlaced" : false,"IsTextSubtitleStream" : false,"Language" : "und","Level" : 40,"NalLengthSize" : "4","PixelFormat" : "yuv420p","Profile" : "Main","Protocol" : "File","RealFrameRate" : 29,00000000000000,"RefFrames" : 1,"SupportsExternalStream" : false,"TimeBase" : "1/90000","Type" : "Video","VideoRange" : "SDR","Width" : 1280},{"BitRate" : 192005,"ChannelLayout" : "stereo","Channels" : 2,"Codec" : "aac","CodecTag" : "mp4a","CodecTimeBase" : "1/48000","DisplayTitle" : "Und AAC stereo (Default)","Index" : 1,"IsDefault" : true,"IsExternal" : false,"IsForced" : false,"IsInterlaced" : false,"IsTextSubtitleStream" : false,"Language" : "und","Profile" : "LC","Protocol" : "File","SampleRate" : 48000,"SupportsExternalStream" : false,"TimeBase" : "1/48000","Type" : "Audio"}],"Path" : "http://my.hoste.com:8080/movie/younessesoft/Oatxxxxggg/178714.m3u","Protocol" : "Http","ReadAtNativeFramerate" : false,"RequiredHttpHeaders" : {"User-Agent" : "VLC/3.0.1"},"RequiresClosing" : true,"RequiresLooping" : true,"RequiresOpening" : true,"Size" : 4343613479,"SupportsDirectPlay" : false,"SupportsDirectStream" : false,"SupportsProbing" : false,"SupportsTranscoding" : true,"TranscodingContainer" : "ts","TranscodingSubProtocol" : "hls","TranscodingUrl" : "/videos/12527/master.m3u8","Type" : "Default"}],"PlaySessionId" : "3923097cd6e2064d0e4"}
As you can see, unfortunately the original stream link is exposed, and so it will be stolen and exploited directly:
"Path" : "http://my.hoste.com:...gg/178714.m3u",
If anyone knows a way to remove this part from what the user receives, please tell us; otherwise it must be changed in the next update, because this is a vulnerability, and unfortunately a completely devastating one, and the Emby portal cannot be trusted as long as this vulnerability is not closed. Thank you.
Luke 37064 Posted January 31, 2020
@Abobader
Abobader 2945 Posted January 31, 2020
And peace be upon you, and the mercy of God.
Thank you for the information. To be honest, I do not use this system, but I will pass the information on to the developers today and reply to you here.
Regards
Abobader 2945 Posted January 31, 2020
https://emby.media/community/index.php?/topic/82062-secure-my-url-m3u-from-user/?p=838207
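
The exposure described in the first post, as an added example that is not part of the thread and not Emby's own code: a check that lists every absolute stream URL in a playback-info style response, and a filter that removes the upstream `Path` and `RequiredHttpHeaders` from remote sources. It assumes a response-filtering layer the operator controls in front of the server, and that a client offered neither direct play nor direct stream follows `TranscodingUrl`; the sample body and both function names are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample, trimmed to the fields that matter in the posted response.
SAMPLE = json.dumps({
    "MediaSources": [{
        "Id": "xxxxxxxx",
        "IsRemote": True,
        "Path": "http://upstream.example:8080/movie/user/pass/178714.m3u",
        "Protocol": "Http",
        "RequiredHttpHeaders": {"User-Agent": "VLC/3.0.1"},
        "SupportsDirectPlay": False,
        "SupportsDirectStream": False,
        "SupportsTranscoding": True,
        "TranscodingUrl": "/videos/12527/master.m3u8",
    }],
    "PlaySessionId": "constructed-session",
})

STREAM_SCHEMES = ("http", "https", "rtsp", "rtmp")

def find_upstream_leaks(body):
    """Return (json_pointer, value) for every absolute stream URL in the body."""
    leaks = []
    def walk(node, where):
        if isinstance(node, dict):
            for key, value in node.items():
                walk(value, f"{where}/{key}")
        elif isinstance(node, list):
            for index, value in enumerate(node):
                walk(value, f"{where}/{index}")
        elif isinstance(node, str):
            parts = urlsplit(node)
            if parts.scheme in STREAM_SCHEMES and parts.netloc:
                leaks.append((where, node))
    walk(json.loads(body), "")
    return leaks

def redact_remote_sources(body):
    """Drop upstream Path/headers from remote sources the server must transcode."""
    doc = json.loads(body)
    for src in doc.get("MediaSources", []):
        server_only = not src.get("SupportsDirectPlay") and not src.get("SupportsDirectStream")
        if src.get("IsRemote") and server_only and src.get("TranscodingUrl"):
            src.pop("Path", None)                 # upstream URL, credentials in path
            src.pop("RequiredHttpHeaders", None)  # headers needed to replay it
    return json.dumps(doc)
```

Sources that allow direct play are left untouched, because in that case the client needs `Path` to fetch the stream itself and the URL cannot be hidden from it.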