Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Multiple Vulnerabilities In Kayako eSupport v2.x

from [GulfTech Security] Network Security [Permanent Link]
Subject: Multiple Vulnerabilities In Kayako eSupport v2.x
Date: Sat, 18 Dec 2004 12:33:00 -0600 
##########################################################
# GulfTech Security Research           December 18th, 2004
##########################################################
# Vendor  : Kayako Web Solutions
# URL     : http://www.kayako.com/
# Version : Kayako eSupport v2.x
# Risk    : Multiple Vulnerabilities
##########################################################



Description:
Kayako eSupport is one of the most feature packed support systems; in this 
tour you will find why over a thousand companies have decided to opt for 
eSupport and use it to process their daily support requests. [As quoted 
from their website]


Cross Site Scripting:
Cross site scripting exists in Kayako eSupport. This vulnerability exists
due to user supplied input not being checked properly. Below is an example.

http://path/index.php?_a=knowledgebase&_j=search&searchm=[CODEGOESHERE]

This vulnerability could be used to steal cookie based authentication 
credentials within the scope of the current domain, or render hostile code 
in a victim's browser.



SQL Injection: 
Kayako eSupport is prone to SQL Injection in a number of places. Below are 
some examples of url's that could be used to take advantage of these 
vulnerabilities.

http://path/index.php?_a=knowledgebase&_j=subcat&_i=[SQL]
http://path/index.php?_a=knowledgebase&_j=rate&_i=[SQL]&type=no
http://path/index.php?_a=knowledgebase&_j=questiondetails&_i=[SQL]
http://path/index.php?_a=tickets&_m=viewmain&email22=blah@blah&ticketkey22=[
SQL]
http://path/index.php?_a=tickets&_m=viewmain&email22=[SQL]&ticketkey22=

These is also a SQL Injection vulnerability in the "Home > Ticket Status 

Forgot Key" feature. This can be take advantage of by putting a malicious 

query in the email field. Because of the location of the unchecked variable 
in the query, it makes it easy for an attacker to use these issues to query 
just about any info from the underlying database. It should also be noted
that 
the attacker does not need to be logged in to eSupport



Solution:
The Kayako support team was informed of these vulnerabilities and they
should 
be fixed soon.



Related Info:
The original advisory can be found at the following location
http://www.gulftech.org/?node=research&article_id=00056-12182004



Credits:
James Bercegay of the GulfTech Security Research Team

-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.296 / Virus Database: 265.6.0 - Release Date: 12/17/2004
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Multiple Vulnerabilities In Kayako eSupport v2.x, GulfTech Security <=
Previous by Date:  Re: DJB's students release 44 *nix software vulnerability advisories, D. J. Bernstein
Next by Date:  MS Windows Media Player 9 Vulns (2), Arman Nayyeri
Previous by Thread:  [ GLSA 200412-13 ] Samba: Integer overflow, Sune Kloppenborg Jeppesen
Next by Thread:  MS Windows Media Player 9 Vulns (2), Arman Nayyeri
Indexes:  [Date] [Thread] [Top] [All Lists]