lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sat, 18 Dec 2004 12:33:00 -0600
From: "GulfTech Security" <security@...ftech.org>
To: <bugtraq@...urityfocus.com>, "OSVDB" <moderators@...db.org>,
	"Secunia Research" <vuln@...unia.com>
Subject: Multiple Vulnerabilities In Kayako eSupport v2.x


##########################################################
# GulfTech Security Research	       December 18th, 2004
##########################################################
# Vendor  : Kayako Web Solutions
# URL     : http://www.kayako.com/
# Version : Kayako eSupport v2.x
# Risk    : Multiple Vulnerabilities
##########################################################



Description:
Kayako eSupport is one of the most feature packed support systems; in this 
tour you will find why over a thousand companies have decided to opt for 
eSupport and use it to process their daily support requests. [As quoted 
from their website]


Cross Site Scripting:
Cross site scripting exists in Kayako eSupport. This vulnerability exists
due to user supplied input not being checked properly. Below is an example.

http://path/index.php?_a=knowledgebase&_j=search&searchm=[CODEGOESHERE]

This vulnerability could be used to steal cookie based authentication 
credentials within the scope of the current domain, or render hostile code 
in a victim's browser.



SQL Injection: 
Kayako eSupport is prone to SQL Injection in a number of places. Below are 
some examples of url's that could be used to take advantage of these 
vulnerabilities.

http://path/index.php?_a=knowledgebase&_j=subcat&_i=[SQL]
http://path/index.php?_a=knowledgebase&_j=rate&_i=[SQL]&type=no
http://path/index.php?_a=knowledgebase&_j=questiondetails&_i=[SQL]
http://path/index.php?_a=tickets&_m=viewmain&email22=blah@blah&ticketkey22=[
SQL]
http://path/index.php?_a=tickets&_m=viewmain&email22=[SQL]&ticketkey22=

These is also a SQL Injection vulnerability in the "Home > Ticket Status 
> Forgot Key" feature. This can be take advantage of by putting a malicious 
query in the email field. Because of the location of the unchecked variable 
in the query, it makes it easy for an attacker to use these issues to query 
just about any info from the underlying database. It should also be noted
that 
the attacker does not need to be logged in to eSupport



Solution:
The Kayako support team was informed of these vulnerabilities and they
should 
be fixed soon.



Related Info:
The original advisory can be found at the following location
http://www.gulftech.org/?node=research&article_id=00056-12182004



Credits:
James Bercegay of the GulfTech Security Research Team

-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.296 / Virus Database: 265.6.0 - Release Date: 12/17/2004

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ