Lucene search
This script is Copyright (C) 2008-2022 and is owned by Tenable, Inc. or an Affiliate thereof.KAYAKO_SUPPORTSUITE_3_30_01.NASLHistoryAug 22, 2008 - 12:00 a.m.
Kayako SupportSuite < 3.30.01 Multiple Vulnerabilities
2008-08-2200:00:00
This script is Copyright (C) 2008-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
76.6%
The remote host is running Kayako SupportSuite, a web-based electronic support portal written in PHP.
According to its banner, the version of Kayako installed on the remote host is earlier than 3.30.01 and is, therefore, affected by several issues:
-
There is a blind SQL injection issue in the staff panel that enables a staff user to gain administrative access.
-
A user may be able to inject arbitrary script code into a user’s browser by opening a ticket or requesting a chat if they include the script in the ‘Full Name’ field associated with their account.
-
There are numerous cross-site scripting issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(34029);
script_version("1.21");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");
script_cve_id("CVE-2008-3700", "CVE-2008-3701");
script_bugtraq_id(30642);
script_name(english:"Kayako SupportSuite < 3.30.01 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a PHP application affected by several
vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The remote host is running Kayako SupportSuite, a web-based electronic
support portal written in PHP.
According to its banner, the version of Kayako installed on the remote
host is earlier than 3.30.01 and is, therefore, affected by several
issues:
- There is a blind SQL injection issue in the staff panel
that enables a staff user to gain administrative access.
- A user may be able to inject arbitrary script code into
a user's browser by opening a ticket or requesting a
chat if they include the script in the 'Full Name'
field associated with their account.
- There are numerous cross-site scripting issues.");
# http://web.archive.org/web/20100225032305/http://www.gulftech.org/?node=research&article_id=00123-08092008
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?cc3d0a16");
script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2008/Aug/110");
# http://web.archive.org/web/20080822232046/http://forums.kayako.com/f3/3-30-01-stable-released-18304/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7eea1320");
script_set_attribute(attribute:"solution", value:
"Upgrade to Kayako SupportSuite 3.30.01 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(79, 89);
script_set_attribute(attribute:"plugin_publication_date", value:"2008/08/22");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:kayako:supportsuite");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2008-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("kayako_supportsuite_detect.nasl");
script_require_keys("www/kayako_supportsuite", "www/PHP");
script_exclude_keys("Settings/disable_cgi_scanning");
script_require_ports("Services/www", 80);
exit(0);
}
include("global_settings.inc");
include("audit.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");
port = get_http_port(default:80, php: TRUE);
install = get_install_from_kb(appname:"kayako_supportsuite", port:port, exit_on_fail:TRUE);
dir = install['dir'];
install_url = build_url(port:port,qs:dir);
version = install['ver'];
if (version == UNKNOWN_VER || isnull(version))
audit(AUDIT_UNKNOWN_WEB_APP_VER, "Kayako SupportSuite", install_url);
ver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(ver); i++)
ver[i] = int(ver[i]);
# nb: make sure we have at least three components since we're
# testing for 3 (might not be needed).
while (i < 3)
ver[i++] = 0;
fixed_version = '3.30.01';
if (
ver[0] < 3 ||
(
ver[0] == 3 &&
(
ver[1] < 30 ||
(ver[1] == 30 && ver[2] < 1)
)
)
)
{
set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);
set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);
if (report_verbosity)
{
report =
'\n URL : ' + install_url +
'\n Installed version : ' + version +
'\n Fixed version : ' + fixed_version +
'\n';
security_warning(port:port, extra:report);
}
else security_warning(port);
exit(0);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, "Kayako SupportSuite", install_url, version);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| kayako | supportsuite | cpe:/a:kayako:supportsuite |
Related
cve
cve
CVE-2008-3700
2008-08-15 20:41:00
CVE-2008-3701
2008-08-15 20:41:00
prion
prion
Cross site scripting
2008-08-15 20:41:00
Sql injection
2008-08-15 20:41:00
nvd
nvd
CVE-2008-3700
2008-08-15 20:41:00
CVE-2008-3701
2008-08-15 20:41:00
cvelist
cvelist
CVE-2008-3700
2008-08-15 20:06:00
CVE-2008-3701
2008-08-15 20:06:00
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
76.6%
Related for KAYAKO_SUPPORTSUITE_3_30_01.NASL