Search | Research | Contact Us Sunday April 23, 2022
Languages
Most Viewed Items
  1 PHPXMLRPC Library Remote Code Execution
  2 Multiple Invision Power Board Vulnerabilities
  3 XOOPS 2.0.11 && Earlier Multiple Vulnerabilities
  4 eBay And Amazon Still Vulnerable
  5 When Small Mistakes Can Cause Big Problems
  6 Woltlab Burning Board SQL Injection Vulnerability
  7 Multiple Vulnerabilities In phpWebsite
  8 WordPress 1.5.1.2 And Earlier Multiple Vulnerabilities
  9 Document Object Model Hijacking Explained
10 Critical Vulnerability In Help Center Live
Need Secure Code?
Quick Search
You can use the form below to search our site. Just enter the keywords to search.
Home Services Archives Research Downloads Contact
Multiple Kayako eSupport Vulnerabilities
December 18, 2021
Vendor : Kayako Web Solutions
URL : http://www.kayako.com/
Version : Kayako eSupport v2.x
Risk : Multiple Vulnerabilities
BID : http://www.securityfocus.com/bid/12037


Description:
Kayako eSupport is one of the most feature packed support systems; in this tour you will find why over a thousand companies have decided to opt for eSupport and use it to process their daily support requests. [As quoted from their website]


Cross Site Scripting:
Cross site scripting exists in Kayako eSupport. This vulnerability exists due to user supplied input not being checked properly. Below is an example.

http://path/index.php?_a=knowledgebase&_j=search&searchm;=[CODEGOESHERE]

This vulnerability could be used to steal cookie based authentication credentials within the scope of the current domain, or render hostile code in a victim's browser.


SQL Injection Vulnerabilities:
Kayako eSupport is prone to SQL Injection in a number of places. Below are some examples of url's that could be used to take advantage of these vulnerabilities.

http://path/index.php?_a=knowledgebase&_j=subcat&_i=[SQL]
http://path/index.php?_a=knowledgebase&_j=rate&_i=[SQL]&type;=no
http://path/index.php?_a=knowledgebase&_j=questiondetails&_i=[SQL]
http://path/index.php?_a=tickets&_m=viewmain&email22;=blah@blah&ticketkey22;=[SQL]
http://path/index.php?_a=tickets&_m=viewmain&email22;=[SQL]&ticketkey22;=

These is also a SQL Injection vulnerability in the "Home > Ticket Status > Forgot Key" feature. This can be take advantage of by putting a malicious query in the email field. Because of the location of the unchecked variable in the query, it makes it easy for an attacker to use these issues to query just about any info from the underlying database.


Solution:
The Kayako support team was informed of these vulnerabilities and they have been fixed in Kayako eSupport v2.3.1


Credits:
James Bercegay of the GulfTech Security Research Team