kayakoXSS2.txt

2005-03-24T00:00:00
ID PACKETSTORM:36763
Type packetstorm
Reporter James Bercegay
Modified 2005-03-24T00:00:00

Description

                                        
                                            `##########################################################  
# GulfTech Security Research March 22, 2005  
##########################################################  
# Vendor : Kayako Web Solutions  
# URL : http://www.kayako.com/  
# Version : Kayako eSupport v2.3   
# Risk : Cross Site Scripting  
##########################################################  
  
  
  
Description:  
Kayako eSupport is a popular helpdesk, and support software. It   
is used by many businesses for customer support purposes. Kayako   
eSupport is prone to cross site scripting attacks that may allow   
the application to be used as an attack vector, or an attacker   
to access sensitive user data .  
  
  
Cross Site Scripting:  
Cross site scripting exists in Kayako eSupport. This vulnerability   
exists due to user supplied input not being checked properly. Below   
are a few benign examples of the previously mentioned issues.  
  
http://path/index.php?_a=knowledgebase&_j=questiondetails&_i=[INT][XSS]  
http://path/index.php?_a=knowledgebase&_j=questionprint&_i=[INT][XSS]  
http://path/index.php?_a=troubleshooter&_c=[INT][XSS]  
http://path/index.php?_a=knowledgebase&_j=subcat&_i=[INT][XSS]  
  
This vulnerability could be used to steal cookie based authentication   
credentials within the scope of the current domain, or render   
hostile code in a victim's browser. Where [INT] and [XSS] should be a   
valid integer and your choice of code, for example   
"><h1>Cross Site Scripting</h1>  
  
  
  
Solution:  
The Kayako support team was informed of these vulnerabilities and   
they informed me that a fix will be released soon.  
  
  
  
Credits:  
James Bercegay of the GulfTech Security Research Team  
  
--   
No virus found in this outgoing message.  
Checked by AVG Anti-Virus.  
Version: 7.0.308 / Virus Database: 266.7.4 - Release Date: 3/18/2005  
  
  
`