Dreambox WebControl Remote Acess

2016.09.01
br Jonatas Fil (BR) br
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A
Dork: shodan: dreambox 200 ok

########################################################################### Hello guys, I'm bringing a vulnerability in the product "DreamBox". It allows you to have a direct remote control of your browser, using the service "WebControl". Much of the machines that use this service use password, then I will teach how to find the unauthorized service. ########################################################################### First, create an account on Shodan: https://www.shodan.io/ Soon after, search for "Dreambox 200 ok". When you open the link of your victim with ip:port, you will have access to the DreamBox WebControl. ############################################################################# Enjoy Script for automating the search: https://github.com/ninj4c0d3r/ShodanCli How to use: After installing, run with "python shodancli.py --shodan 'Dreambox 200 ok'." ####################################################################### DEMO: http://imgur.com/a/28nBt

References:

https://www.shodan.io/
https://github.com/ninj4c0d3r/ShodanCli


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top