Critical Flaws Found in Widely Used IPTV Software for Online Streaming Services


Security researchers have discovered multiple critical vulnerabilities in a popular IPTV middleware platform that is currently being used by more than a thousand regional and international online media streaming services to manage their millions of subscribers.

Discovered by security researchers at CheckPoint, the vulnerabilities reside in the administrative panel of the Ministra TV platform and, if exploited, could allow attackers to bypass authentication and extract the subscriber database, including subscribers' financial details.

Besides this, the flaws could also allow attackers to replace the broadcast and stream any content of their choice on the TV screens of all affected customer networks.

The Ministra TV platform, previously known as Stalker Portal, is software written in PHP that works as a middleware platform for media streaming services, managing Internet Protocol television (IPTV), video-on-demand (VOD) and over-the-top (OTT) content, licenses and their subscribers.

Developed by Ukrainian company Infomir, the Ministra software is currently being used by over a thousand online media streaming services, with the highest number of providers in the United States (199), followed by the Netherlands (137), Russia (120), France (117) and Canada (105).

CheckPoint researchers found a logical vulnerability in an authentication function of the Ministra platform that fails to validate the request, allowing a remote attacker to bypass authentication and perform SQL injection through a separate vulnerability, which otherwise only an authenticated attacker could exploit.

As shown in the video demonstration, when this was further chained with a PHP Object Injection vulnerability, the researchers were able to remotely execute arbitrary code on the targeted server.

CheckPoint researchers reported their findings to the company, which has now patched the issues with the release of Ministra version 5.4.1.

Vendors are strongly recommended to update their systems to the latest version as soon as possible.

