Information Leakage in Kayako SupportSuite 3.11.01

2008.01.25
Credit: Janek Vind
Risk: Low
Local: No
Remote: Yes
CWE: CWE-200


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

[waraxe-2008-SA#063] - Information Leakage in Kayako SupportSuite 3.11.01 ======================================================================== ======= Author: Janek Vind "waraxe" Date: 21. January 2008 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-63.html Target software description: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~ Kayako provides online help desk software and support solutions; enabling companies to improve their support and reduce costs. Our flagship support product SupportSuite is a robust and flexible turn-key solution, allowing you to implement effective support channels, e-mail management and manage self-help resources. SupportSuite does this by combining ticketed support (web and e-mail based), live chat and an intuitive customer interface. Vulnerabilities discovered ======================================================================== ======= 1. Information leakage in "syncml/index.php" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~ Anyone can issue request to "syncml/index.php" and in return "$_SERVER" superglobal will be dumped out. This can reveal potentially sensitive php/apache related information, which can be used in further attacking. No authentication or privileges needed, works with any php settings. Proof-Of-Concept: http://localhost/kayako/syncml/ Greetings: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~ Greets to ToXiC, LINUX, y3dips, Sm0ke, Heintz, slimjim100, str0ke and anyone else who know me! Greetings to Raido Kerna. Tervitusi Torufoorumi rahvale! Contact: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~ come2waraxe (at) yahoo (dot) com [email concealed] Janek Vind "waraxe" Homepage: http://www.janekvind.com/ Waraxe forum: http://www.waraxe.us/forums.html ---------------------------------- [ EOF ] --------------------------------


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top