Kayako LiveResponse index.php Calendar Feature Multiple Variable SQL Injection

2005-07-30T05:10:46
ID OSVDB:18396
Type osvdb
Reporter James Bercegay()
Modified 2005-07-30T05:10:46

Description

Vulnerability Description

Kayako LiveResponse contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'year' or 'date' variables in the calendar feature. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Kayako LiveResponse contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'year' or 'date' variables in the calendar feature. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Manual Testing Notes

http://[target]/index.php?date=22&month=3&year=2005%20UNION%20SELECT%200,0,0,0,0,0,username,pass%20FROM%20lrUsers%20WHERE%201/&_g=2&_a=panel&_m=cal http://[target]/index.php?date=22%20UNION%20SELECT%200,0,0,0,0,0,username,pass%20FROM%20lrUsers%20WHERE%201/&month=3&year=2005&_g=2&_a=panel&_m=cal

References:

Vendor URL: http://www.kayako.com/ Secunia Advisory ID:16286 Related OSVDB ID: 18397 Related OSVDB ID: 18398 Related OSVDB ID: 18399 Related OSVDB ID: 18395 Other Advisory URL: http://www.gulftech.org/?node=research&article_id=00092-07302005 Nessus Plugin ID:19335 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-07/0516.html CVE-2005-2461 Bugtraq ID: 14425