mutant200s DreamBox Arbitrary File Download Vulnerability

ID 1337DAY-ID-17470
Type zdt
Reporter k3vin mitnick
Modified 2012-02-01T00:00:00


Exploit for multiple platform in category web applications

                                            # Exploit Title: mutant200s DreamBox  Arbitrary File Download Vulnerability
# Google Dork: 
# Date: 30/01 /2012
# Author: k3vin mitnick
# Software Link: 
# Version: 
# Tested on: 
# CVE : 

DreamBox DM500(+) Arbitrary File Download Vulnerability
Vendor: Dream Multimedia GmbH
Product web page:
Affected version: DM500, DM500+, DM500HD and DM500S
Summary: The Dreambox is a series of Linux-powered
DVB satellite, terrestrial and cable digital television
receivers (set-top box).
Desc: Dreambox suffers from a file download vulnerability
thru directory traversal with appending the '/' character
in the HTTP GET method of the affected host address. The
attacker can get to sensitive information like paid channel
keys, usernames, passwords, config and plug-ins info, etc.
Tested on: Linux dreambox 2.6.17-mutant200s 
Vulnerability discovered by: k3vin mitnick 
website :
exploit :
greetz to tunisian blackhat team , tunisia hackspace , , , samychelly , , fireboy , underhack , 
scraface team , wild_louzir ,ANIS , slim ammamou , haythem el mekki ... and  all tunisia hackers 

# [2018-03-20]  #