2 posts tagged with "Web hacking"

Introduction​

If you work in offensive security, it is probable that you've already heard of HTTP Smuggling somewhere. Maybe you've heard of a new 0 day exploiting this type of vulnerability, or maybe you've seen a report of a bug bounty hunter dropping +10k$ with the help of HTTP Smuggling. And maybe after that, you did like me, you never digged into it.

Truth is, the impacts of HTTP Smuggling are huge. It's possible then to deface a website for other users, perform accounts take over and even perform SSRF (Server Side Request Forgery). Other impactful actions can be made when chaining with other vulnerabilities.

Thats why, I digged into it, finding how it works and how to exploit it. This blog series is more like a journal to me, something where I can write all the payloads needed and the theory behind it.

Introduction​

On July 14, 2024, DAZN, a sports streaming service, acquired the rights to Ligue 1 for 400 million euros.

It offers supporters 2 subscription plans, including one at €30 per month with a 12-month commitment (to watch all Ligue 1 matches except 1 match broadcast by Bein).

Thus, the French supporter must spend €45 per month just to watch Ligue 1. There is no need to continue to prove that this system will not work. Especially since DAZN requires 1.5 million subscribers to be profitable.

Using IPTV is therefore an alternative for these supporters, who are burdened with increasingly high costs each year to watch their favorite team.

This article aims to explore how IPTV works, as well as its server and connection/authentication methods.