[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : DreamBox DM500(+) Arbitrary File Download Vulnerability
# Published : 2011-05-13
# Author : LiquidWorm
# Previous Title : SPlayer 3.7 Content-Type Buffer Overflow
# Next Title : XtreamerPRO Media-player Multiple Vulnerabilities

 DreamBox DM500(+) Arbitrary File Download Vulnerability Vendor: Dream Multimedia GmbH Product web page: http://www.dream-multimedia-tv.de Affected version: DM500, DM500+, DM500HD and DM500S Summary: The Dreambox is a series of Linux-powered DVB satellite, terrestrial and cable digital television receivers (set-top box). Desc: Dreambox suffers from a file download vulnerability thru directory traversal with appending the '/' character in the HTTP GET method of the affected host address. The attacker can get to sensitive information like paid channel keys, usernames, passwords, config and plug-ins info, etc. Tested on: Linux Kernel 2.6.9, The Gemini Project, Enigma Vulnerability discovered by: Gjoko 'LiquidWorm' Krstic liquidworm gmail com Zero Science Lab - http://www.zeroscience.mk Advisory ID: ZSL-2011-5013 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5013.php 22.12.2010 --------------------------------------------------------------------