|
Multiple Kayako eSupport Vulnerabilities
|
December 18, 2021
|
|
|
Description:
Kayako eSupport is one of the most feature packed support systems; in this tour you will
find why over a thousand companies have decided to opt for eSupport and use it to process
their daily support requests. [As quoted from their website]
Cross Site Scripting:
Cross site scripting exists in Kayako eSupport. This vulnerability exists due to user
supplied input not being checked properly. Below is an example.
http://path/index.php?_a=knowledgebase&_j=search&searchm;=[CODEGOESHERE]
This vulnerability could be used to steal cookie based authentication credentials within
the scope of the current domain, or render hostile code in a victim's browser.
SQL Injection Vulnerabilities:
Kayako eSupport is prone to SQL Injection in a number of places. Below are some examples
of url's that could be used to take advantage of these vulnerabilities.
http://path/index.php?_a=knowledgebase&_j=subcat&_i=[SQL]
http://path/index.php?_a=knowledgebase&_j=rate&_i=[SQL]&type;=no
http://path/index.php?_a=knowledgebase&_j=questiondetails&_i=[SQL]
http://path/index.php?_a=tickets&_m=viewmain&email22;=blah@blah&ticketkey22;=[SQL]
http://path/index.php?_a=tickets&_m=viewmain&email22;=[SQL]&ticketkey22;=
These is also a SQL Injection vulnerability in the "Home > Ticket Status > Forgot Key"
feature. This can be take advantage of by putting a malicious query in the email field.
Because of the location of the unchecked variable in the query, it makes it easy for an
attacker to use these issues to query just about any info from the underlying database.
Solution:
The Kayako support team was informed of these vulnerabilities and they have been fixed in
Kayako eSupport v2.3.1
Credits:
James Bercegay of the GulfTech Security Research Team
|
|
|
