[waraxe-2008-SA#063] - Information Leakage in Kayako SupportSuite 3.11.01

2008-01-2100:00:00

vulners.com

JSON

[waraxe-2008-SA#063] - Information Leakage in Kayako SupportSuite 3.11.01

Author: Janek Vind "waraxe"
Date: 21. January 2008
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-63.html

Target software description:


Kayako provides online help desk software and support solutions; enabling
companies to improve their support and reduce costs. Our flagship support
product SupportSuite is a robust and flexible turn-key solution, allowing you
to implement effective support channels, e-mail management and manage self-help
resources.
SupportSuite does this by combining ticketed support &#40;web and e-mail based&#41;,
live chat and an intuitive customer interface.

Vulnerabilities discovered
===============================================================================

1. Information leakage in &quot;syncml/index.php&quot;

Anyone can issue request to "syncml/index.php" and in return "$_SERVER"
superglobal will be dumped out. This can reveal potentially sensitive php/apache
related information, which can be used in further attacking. No authentication
or privileges needed, works with any php settings.

Proof-Of-Concept:

http://localhost/kayako/syncml/

Greetings:


Greets to ToXiC, LINUX, y3dips, Sm0ke, Heintz, slimjim100, str0ke
and anyone else who know me!
Greetings to Raido Kerna. Tervitusi Torufoorumi rahvale!

Contact:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

come2waraxe@yahoo.com
Janek Vind &quot;waraxe&quot;

Homepage: http://www.janekvind.com/
Waraxe forum:  http://www.waraxe.us/forums.html

---------------------------------- [ EOF ] --------------------------------

JSON