Date: Tue, 11 Dec 2007 11:45:05 +0330
From: "imei Addmimistrator" <addmimistrator@...il.com>
To: bugtraq@...urityfocus.com
Subject: SupportSuite 3.11.01~ Multiple file ~ PHP SELF XSS

------ Summary ------
Software: SupportSuite
Software's Web Site: http://www.kayako.com
Versions: 3.00.32
Class: Remote
Status: Unpatched
Exploit: Available
Solution: Not Available
Discovered by: imei Addmimistrator
Risk Level: Medium
------ Description ------
SupportSuite, a great product of Kayako, ideal for providing ticket-based
support, is prone to XSS attacks in multiple internal files (more than
300 files).

Use of the unsafe variable PHP_SELF in so many files of SupportSuite makes
the program vulnerable to XSS attacks. The bug results from passing the
PHP_SELF variable, which is unsafe in many versions of PHP, as part of the
message parameter of the function trigger_error().
The product's "anti full path disclosure" guard looks like this:

if (!defined("INSWIFT")) {
    // $PHP_SELF is request-derived and is echoed into the error message unescaped
    trigger_error("Unable to process $PHP_SELF", E_USER_ERROR);
}

As is obvious, it is vulnerable to XSS.
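A hardened form of the same include guard, as an added example that is not Kayako's code; the function names and the constructed request array are assumptions made for illustration:

```php
<?php
// Added example (not Kayako's code): the INSWIFT guard rewritten so that
// nothing taken from the request reaches the error output unescaped.
//
// Why PHP_SELF matters: on servers that pass PATH_INFO, a request for
// /index.php/<extra> gives $_SERVER['PHP_SELF'] the whole path including
// the trailing <extra>, and PHP does not HTML-escape the message that
// trigger_error() displays when display_errors is on. SCRIPT_NAME, by
// contrast, stops at the script file itself.

/**
 * Return a display-safe name for the current script.
 * SCRIPT_NAME excludes PATH_INFO, and htmlspecialchars() neutralises the
 * characters that are significant in an HTML context.
 */
function safe_script_name(array $server): string
{
    $name = $server['SCRIPT_NAME'] ?? basename(__FILE__);
    return htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Hardened replacement for the guard shown in the advisory: the message
 * text is static and the script name is appended only in escaped form.
 */
function guard_inswift(array $server): void
{
    if (!defined('INSWIFT')) {
        trigger_error('Unable to process ' . safe_script_name($server), E_USER_ERROR);
    }
}

// Constructed request data for an offline self-check (no web server needed).
$constructed = [
    'PHP_SELF'    => '/index.php/"><script>alert(1)</script>',
    'SCRIPT_NAME' => '/index.php',
];
// Escaping the raw PHP_SELF value shows the markup is neutralised...
var_dump(htmlspecialchars($constructed['PHP_SELF'], ENT_QUOTES, 'UTF-8'));
// ...while SCRIPT_NAME never carried the injected part in the first place.
var_dump(safe_script_name($constructed));
```

The same replacement applies to every file that carries the guard; a search for trigger_error() calls whose message interpolates $PHP_SELF or $_SERVER['PHP_SELF'] locates them.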

VISIT THE ORIGINAL ADVISORY FOR MORE DETAILS
> http://myimei.com/security/2007-12-06/supportsuite-31101-multiple-file-php-self-xss.html

-------
BTW I have no idea what's wrong with the moderators. They said my old post
had no detail and asked me for more details. I have sent many posts like
that, and users could refer to the original advisory to understand the bug.
Should you always keep the entire text on your site instead of the poor bug
finder's, or is it really a new policy?
--
imei Addmimistrator
Visit my SeQrity Homepage at:
http://myimei.com/security
