Kayako LiveResponse index.php username Variable XSS

2005-07-30T05:10:46
ID OSVDB:18395
Type osvdb
Reporter James Bercegay()
Modified 2005-07-30T05:10:46

Description

Vulnerability Description

Kayako LiveResponse contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'username' variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity and confidentiality

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Kayako LiveResponse contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'username' variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity and confidentiality

Manual Testing Notes

http://[target]/index.php?username="><script>alert(document.cookie)</script>

References:

Vendor URL: http://www.kayako.com/ Secunia Advisory ID:16286 Related OSVDB ID: 18397 Related OSVDB ID: 18398 Related OSVDB ID: 18399 Related OSVDB ID: 18396 Other Advisory URL: http://www.gulftech.org/?node=research&article_id=00092-07302005 Nessus Plugin ID:19335 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-07/0516.html CVE-2005-2460 Bugtraq ID: 14425