Persistent XSS in Kayako Support Suite

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Persistent XSS in Kayako Support Suite
From: pen-test@xxxxxxxxxx
Date: Wed, 6 May 2009 15:34:59 -0600
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

##########################################################
# Comodo Group
#
# Vendor : Kayako Infotech Ltd.
# URL : http://www.kayako.com/
# Version : Kayako SupportSuite < 3.04.10
##########################################################

We've discovered a persistent XSS vulnerability in Kayako Support Suite Version 
3.04.10.  Although other similar XSS and SQL injection vectors such GET 
requests/URLs and other vulnerable POST fields have been previously published, 
we've found no reference to this particular one.  Current versions are not 
vulnerable, however this particular vector has not been previously disclosed.

In verion 3.04.10 (and probably others) an attacker (authenticated staff 
member) can inject code simply by creating a support ticket and including a 
javascript in the ticket notes.  The script will execute in the context of the 
browser of any staff member who views the ticket allowing the attacker to steal 
cookies, spoof web pages, etc.  

BKz
LPIC, Sec+, OSCP
http://www.comodo.com

Prev by Date: [SECURITY] [DSA 1793-1] New kdegraphics packages fix multiple vulnerabilities
Next by Date: EUSecWest 2009 (May27/28) London Agenda and PacSec 2009 (Nov 4/5) Tokyo CFP deadline: June 1 2009
Previous by thread: [SECURITY] [DSA 1793-1] New kdegraphics packages fix multiple vulnerabilities
Next by thread: EUSecWest 2009 (May27/28) London Agenda and PacSec 2009 (Nov 4/5) Tokyo CFP deadline: June 1 2009
Index(es):
- Date
- Thread