This topic is locked
السلام عليكم ورحمة الله تعالى وبركاته يوجد ثغرة واللي هي أن المستخدم يمكنه إستخدام برامج التعقب زي ال httpdebugger وال برنامج fiddler
مثلا عند الضغط على القاناة
http://188.227.58.45...itrate=10000000
راح يجي جواب جيزون زي هذا مثلا
{
"MediaSources" : [
{
"Bitrate" : 4701564,
"Container" : "mp4",
"DefaultAudioStreamIndex" : 1,
"Formats" : [],
"Id" : "xxxxxxxx",
"IsInfiniteStream" : true,
"IsRemote" : true,
"LiveStreamId" : "060422ce6fdf19fc9ecfaaeb4_01413a525b3a96642d7a329",
"MediaStreams" : [
{
"AspectRatio" : "16:9",
"AverageFrameRate" : 29,00000000000000,
"BitDepth" : 8,
"BitRate" : 4499145,
"Codec" : "h264",
"CodecTag" : "avc1",
"CodecTimeBase" : "15868574/951162363",
"ColorPrimaries" : "bt709",
"ColorSpace" : "bt709",
"ColorTransfer" : "bt709",
"DisplayTitle" : "720p H264",
"Height" : 720,
"Index" : 0,
"IsAVC" : true,
"IsAnamorphic" : false,
"IsDefault" : true,
"IsExternal" : false,
"IsForced" : false,
"IsInterlaced" : false,
"IsTextSubtitleStream" : false,
"Language" : "und",
"Level" : 40,
"NalLengthSize" : "4",
"PixelFormat" : "yuv420p",
"Profile" : "Main",
"Protocol" : "File",
"RealFrameRate" : 29,00000000000000,
"RefFrames" : 1,
"SupportsExternalStream" : false,
"TimeBase" : "1/90000",
"Type" : "Video",
"VideoRange" : "SDR",
"Width" : 1280
},
{
"BitRate" : 192005,
"ChannelLayout" : "stereo",
"Channels" : 2,
"Codec" : "aac",
"CodecTag" : "mp4a",
"CodecTimeBase" : "1/48000",
"DisplayTitle" : "Und AAC stereo (Default)",
"Index" : 1,
"IsDefault" : true,
"IsExternal" : false,
"IsForced" : false,
"IsInterlaced" : false,
"IsTextSubtitleStream" : false,
"Language" : "und",
"Profile" : "LC",
"Protocol" : "File",
"SampleRate" : 48000,
"SupportsExternalStream" : false,
"TimeBase" : "1/48000",
"Type" : "Audio"
}
],
"Path" : "http://my.hoste.com:...ggg/178714.m3u",
"Protocol" : "Http",
"ReadAtNativeFramerate" : false,
"RequiredHttpHeaders" : {
"User-Agent" : "VLC/3.0.1"
},
"RequiresClosing" : true,
"RequiresLooping" : true,
"RequiresOpening" : true,
"Size" : 4343613479,
"SupportsDirectPlay" : false,
"SupportsDirectStream" : false,
"SupportsProbing" : false,
"SupportsTranscoding" : true,
"TranscodingContainer" : "ts",
"TranscodingSubProtocol" : "hls",
"TranscodingUrl" : "/videos/12527/master.m3u8",
"Type" : "Default"
}
],
"PlaySessionId" : "3923097cd6e2064d0e4"
}
كما تلاحظون للأسف ظهور الرابط الأساسي للبث وهكذا سوف يتم سرقته وأستغلاله مباشرة
"Path" : "http://my.hoste.com:...gg/178714.m3u",
اللي يعرف طريقة حذف هذا الجزئ على المستخدم يخبرنا أو يجب التعديل في التحديث القادم لأنها ثغرة وللأسف مدمرة تماما ولا يمكن الوثوق في البوابة الامبي لطالما لم تغلق هذه الثغرة وشكرا
Top
