Kayako Fusion Help Desk Software suffers from a cross site scripting vulnerability.
565127ad9b187160e79043dbc0756f9abe1cadd29b782f144822a834134e3377# Exploit Title: Kayako Fusion Cross Site Scripting
# Date: 17.03.2012
# Author: Sony
# Software Link: http://www.kayako.com/
# Version: all version
# Google Dorks: inurl:Base/UserRegistration/ or intitle:Powered by Kayako
Fusion Help Desk Software
# Web Browser : Mozilla Firefox
# Site : http://insecurity.ro
# PoC:
http://st2tea.blogspot.com/2012/03/kayako-fusion-cross-site-scripting.html
..................................................................
Well, we have a cross site scripting in Kayako Fusion.
Our xss in /Tickets/Submit.
Put our code in the all fields and press button Submit.
Click on View Tickets and open our ticket. We can see a Persistent XSS.
http://1.bp.blogspot.com/-XIol_NGfkY4/T2QwnI6O1yI/AAAAAAAAAv8/VocNLueIcSI/s1600/yeah.JPG
http://1.bp.blogspot.com/-hSBqYUG9mVk/T2QwrC7SfeI/AAAAAAAAAwI/t3VfDrmnsUc/s1600/yeah2.JPG
A lot of web sites use Kayako Fusion.
We can see Comodo
http://4.bp.blogspot.com/-NuPPTVnYUKA/T2Qw2JbVMQI/AAAAAAAAAwU/ilLYojJ_gus/s1600/comodo.JPG
Avg
http://4.bp.blogspot.com/-e3EFHjpd_f0/T2Qw7WMsNYI/AAAAAAAAAwg/MvkVl_n8fhQ/s1600/avg.JPG
etc..
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed