Kayako eSupport Cross Site Scripting

["GulfTech Security Research" <security () gulftech org>]

##########################################################
# GulfTech Security Research               March 22, 2005
##########################################################
# Vendor  : Kayako Web Solutions
# URL     : http://www.kayako.com/
# Version : Kayako eSupport v2.3 
# Risk    : Cross Site Scripting
##########################################################



Description:
Kayako eSupport is a popular helpdesk, and support software. It 
is used by many businesses for customer support purposes. Kayako 
eSupport is prone to cross site scripting attacks that may allow 
the application to be used as an attack vector, or an attacker 
to access sensitive user data .


Cross Site Scripting:
Cross site scripting exists in Kayako eSupport. This vulnerability 
exists due to user supplied input not being checked properly. Below 
are a few benign examples of the previously mentioned issues.

http://path/index.php?_a=knowledgebase&_j=questiondetails&_i=[INT][XSS]
http://path/index.php?_a=knowledgebase&_j=questionprint&_i=[INT][XSS]
http://path/index.php?_a=troubleshooter&_c=[INT][XSS]
http://path/index.php?_a=knowledgebase&_j=subcat&_i=[INT][XSS]

This vulnerability could be used to steal cookie based authentication 
credentials within the scope of the current domain, or render 
hostile code in a victim's browser. Where [INT] and [XSS] should be a 
valid integer and your choice of code, for example 
"><h1>Cross Site Scripting</h1>



Solution:
The Kayako support team was informed of these vulnerabilities and 
they informed me that a fix will be released soon.



Credits:
James Bercegay of the GulfTech Security Research Team

-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.7.4 - Release Date: 3/18/2005