Welcome to World of IPTV

Info IPTV Smarters Exploit: CVE-2020-9380

Cobrahosts (Basic Member, banned; joined Oct 2, 2019; UK)
Check the forum rules.
A member since November with 30 likes just needs to FOLLOW the forum rules and the like will appear... asking for them... I sense a hammer coming.

AndersonPablo (Extended Member; joined Mar 11, 2020; US)

evoactivity (Extended Member; joined Jan 18, 2020; Liverpool)
The absolute state of this code

PHP:
session_start();
if (file_exists("functions.php")) {
    include_once "functions.php";
    if (isset($_FILES["logoImage"])) {
        $target_dir = "../images/";
        $target_file = $target_dir . basename($_FILES["logoImage"]["name"]);
        if (move_uploaded_file($_FILES["logoImage"]["tmp_name"], $target_file)) {
            echo "images/" . $_FILES["logoImage"]["name"];
            exit;
        }
        echo "errorImage";
        exit;
    }
...

This will have been 0dayed for a long time, the quality of development is so so bad with iptv. That will accept any file from anyone. Ridiculous.
 

AndersonPablo (Extended Member; joined Mar 11, 2020; US)
evoactivity said: "The absolute state of this code [...] That will accept any file from anyone. Ridiculous."
Certainly, my friend. Those responsible for Smarters contacted me and informed me that it is one without many problems. They don't really know anything.
 

evoactivity (Extended Member; joined Jan 18, 2020; Liverpool)
AndersonPablo said: "Certainly, my friend. [...] They don't really know anything."

Ahh, the man himself. Nice job on the exploit, good to see it properly reported as CVE. Hopefully smarters will do something now it's getting picked up in the tech news.
 

migueltarga (Extended Member; joined Oct 20, 2019; Leominster, MA)
Mobilehacks said:
How can we be sure that this patch is safe to use?
As you joined the forum 6 months ago and only have 1 post, which is this patch.

Hi Mobilehacks,

Six months on the forum, but the creator of the CVE and the exploit.
Ten years in the Google Hall of Fame for security:
You don't have to trust me if you don't want to, the patch source is open.

But I think I'm the wrong person to have questions about, I would personally rather question the IPTV Smarters quality.
 

Mobilehacks (Extended Member; joined Nov 3, 2019; Somewhere Your Not)
migueltarga said: "Hi Mobilehacks, [...] I would personally rather question the IPTV Smarters quality."
Nothing personal intended, I was purely just asking a question.
 
JoAodeDeUs (Guest)
It is not new that IPTV Smarters does not inspire confidence. At least for me...
Now it has only been exposed in the media.
 

FireTvGuru (Extended Member; joined Sep 11, 2019; USA)
This would be a good solution instead of removing the snips; if not, please correct me if I'm wrong.

PHP:
<?php
    //Vulnerability 1: Arbitrary File Upload

    if (isset($_FILES["logoImage"])) {
        //added to check file extensions
        //pathinfo() returns an array unless PATHINFO_EXTENSION is passed, so the
        //in_array() check below would never match without it
        $file_ext = pathinfo($_FILES['logoImage']['name'], PATHINFO_EXTENSION);
        $extensions = array("jpeg", "jpg", "png", "JPEG", "JPG", "PNG");
        if (in_array($file_ext, $extensions, true) === false) { echo 'Not a valid file ext.'; die("Error"); }
        //end of check
        $target_dir = "../images/";
        $target_file = $target_dir . basename($_FILES["logoImage"]["name"]);
        if (move_uploaded_file($_FILES["logoImage"]["tmp_name"], $target_file)) {
            echo "images/" . $_FILES["logoImage"]["name"];
            exit;
        }
        echo "errorImage";
        exit;
    }

    //Vulnerability 2: Code Injection

    if (isset($_POST["action"]) && $_POST["action"] == "installation") {
        //check to see if form data came from same REFERER
        if ((isset($_SERVER['HTTP_REFERER']) && !empty($_SERVER['HTTP_REFERER']))) {
            if (strtolower(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST)) != strtolower($_SERVER['HTTP_HOST'])) {
                die("Error");
            }
        }
        //end check
        $response["result"] = "no";
        $content = "<?php \n";
        $content .= "\$XCStreamHostUrl = \"" . $_POST["HostUrlVal"] . "\";" . "\n";
        $content .= "\$XClogoLinkval = \"" . $_POST["logoLinkval"] . "\";" . "\n";
        $content .= "\$XCcopyrighttextval = \"" . $_POST["copyrighttextval"] . "\";" . "\n";
        $content .= "\$XCcontactUslinkval = \"" . $_POST["contactUslinkval"] . "\";" . "\n";
        $content .= "\$XChelpLinkval = \"" . $_POST["helpLinkval"] . "\";" . "\n";
        $content .= "\$XClicenseIsval = \"" . $_POST["licenseIsval"] . "\";" . "\n";
        $content .= "\$XClocalKey = \"" . $_POST["LocalKey"] . "\";" . "\n";
        $content .= "\$XCsitetitleval = \"" . $_POST["sitetitleval"] . "\";" . "\n";
        $content .= "?>";
        if (file_exists("../configuration.php")) {
            unlink("../configuration.php");
        }
        $fp = fopen("../configuration.php", "w");
        fwrite($fp, $content);
        fclose($fp);
        chmod("../configuration.php", 511); // 511 decimal is 0777 octal: world-writable and executable
        if (file_exists("../configuration.php")) {
            $response["result"] = "yes";
        }
        echo json_encode($response);
        exit;
    }
?>
 

migueltarga (Extended Member; joined Oct 20, 2019; Leominster, MA)
FireTvGuru said: "This would be a good solution instead of removing the snips [...]" (the patch quoted in full in the post above)
FireTvGuru, the file upload code is good, that's a perfect solution.

But the second one will be easy to exploit, because anyone can spoof the Referer. The best solution would be having an installation script that gets removed after it is executed.
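Both handlers again, hardened, as an added example that is not IPTV Smarters code and not FireTvGuru's patch. It takes evoactivity's point (the upload accepts any file from anyone), FireTvGuru's extension check, and migueltarga's objections (the Referer is spoofable; the installer should only run once) and turns them into one file. The field names, the ../images/ and ../configuration.php paths and the $XC* variable names are taken from the snippets above; the install.lock file, the CSRF token, the 2 MB limit and every function name are assumptions, as is the admin-session check that none of the snippets show.

```php
<?php
// Added example, not IPTV Smarters code and not FireTvGuru's patch.
// Assumed: an authenticated-admin check belongs above this point; the
// snippets in the thread never show one.
session_start();

const IMAGE_DIR      = __DIR__ . '/../images/';
const CONFIG_FILE    = __DIR__ . '/../configuration.php';
const INSTALL_LOCK   = __DIR__ . '/../install.lock';   // assumed name
const MAX_LOGO_BYTES = 2 * 1024 * 1024;                // assumed limit

// Vulnerability 1. Checking only the client-supplied extension and keeping the
// client-supplied name leaves the attacker in control of what lands on disk.
// Here the bytes are inspected (magic number plus image header), the extension
// must agree with the content, and the stored name is random.
function storeLogo(array $file): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || $file['size'] > MAX_LOGO_BYTES
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png'];
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset($allowed[$mime]) || getimagesize($file['tmp_name']) === false) {
        return null;                        // not a real JPEG/PNG, whatever it is called
    }
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if ($ext === 'jpeg') { $ext = 'jpg'; }
    if ($ext !== $allowed[$mime]) {
        return null;                        // e.g. shell.php with a PNG header glued on
    }
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], IMAGE_DIR . $name)) {
        return null;
    }
    chmod(IMAGE_DIR . $name, 0644);         // readable, never executable
    return 'images/' . $name;
}

// Vulnerability 2. The original concatenated raw POST values into PHP source,
// so a double quote in any field closes the string literal and whatever follows
// is parsed as PHP. var_export() emits each value as a properly escaped PHP
// string literal, so the written file contains data and never code.
function renderConfig(array $post): string
{
    $fields = [
        'XCStreamHostUrl'    => 'HostUrlVal',
        'XClogoLinkval'      => 'logoLinkval',
        'XCcopyrighttextval' => 'copyrighttextval',
        'XCcontactUslinkval' => 'contactUslinkval',
        'XChelpLinkval'      => 'helpLinkval',
        'XClicenseIsval'     => 'licenseIsval',
        'XClocalKey'         => 'LocalKey',
        'XCsitetitleval'     => 'sitetitleval',
    ];
    $out = "<?php\n";
    foreach ($fields as $var => $key) {
        $out .= '$' . $var . ' = ' . var_export((string)($post[$key] ?? ''), true) . ";\n";
    }
    return $out;
}

// Referer and HTTP_HOST are both attacker-controlled, so neither proves where a
// request came from. The installer instead runs once (lock file, a variant of
// "remove the installer after it ran") and needs a CSRF token that the
// installation form obtains from issueCsrfToken() and posts back.
function issueCsrfToken(): string
{
    $_SESSION['csrf'] = bin2hex(random_bytes(32));
    return $_SESSION['csrf'];
}

function handleInstallation(array $post, array $session): array
{
    if (file_exists(INSTALL_LOCK)) {
        return ['result' => 'no', 'reason' => 'already installed'];
    }
    if (!isset($post['csrf'], $session['csrf'])
        || !hash_equals($session['csrf'], (string)$post['csrf'])) {
        return ['result' => 'no', 'reason' => 'bad token'];
    }
    if (file_put_contents(CONFIG_FILE, renderConfig($post), LOCK_EX) === false) {
        return ['result' => 'no', 'reason' => 'write failed'];
    }
    chmod(CONFIG_FILE, 0640);   // the original used chmod(..., 511), i.e. 0777
    touch(INSTALL_LOCK);        // from now on the installer refuses to run
    return ['result' => 'yes'];
}

if (isset($_FILES['logoImage'])) {
    echo storeLogo($_FILES['logoImage']) ?? 'errorImage';
    exit;
}
if (($_POST['action'] ?? '') === 'installation') {
    header('Content-Type: application/json');
    echo json_encode(handleInstallation($_POST, $_SESSION));
    exit;
}
```

The returned path keeps the "images/..." shape the original echoed, so the front end does not need to change; the upload response for a rejected file is still the string errorImage. Deleting install.lock is the only way to re-run the installer, which is the point.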
 