Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:18641
HistoryDec 13, 2007 - 12:00 a.m.

SupportSuite 3.11.01~ Multiple file ~ PHP SELF XSS

2007-12-1300:00:00
vulners.com
50

——-Summary——
Software: SupportSuite
Sowtware's Web Site: http://www.kayako.com
Versions: 3.00.32
Class: Remote
Status: Unpatched
Exploit: Available
Solution: Not Available
Discovered by: imei Addmimistrator
Risk Level: Medium
——Description—–
Supportsuite , a great product of kayako, Ideal for providing ticket
based support, is prone to XSS attack in multiple internal files.{more
than 300 files}

Use of unsafe variable PHP_SELF in so many files of supprtsuite, makes
this program vulnerable against XSS attacks. The bug is in result of
using PHP_SELF variable that is unsafe in many version of PHP inside
of parameter used in function trigger_error().
Product has an "Anti Full path disclosure" approach come here:

if (!defined("INSWIFT")) {
trigger_error("Unable to process $PHP_SELF", E_USER_ERROR);
}
As it's obvious, It has a weakness against XSS.

VISITE ORIGINAL ADVISORY FOR MORE DETAILS
> http://myimei.com/security/2007-12-06/supportsuite-31101-multiple-file-php-self-xss.html


BTW I have no idea what's wrong with moderators. they said my old post
has no detail and ask me for more details. I sent much posts like that
and users could refer to original advisory for understanding bug.
Should you always keep entire text in your site instead of poor bug
finder or its a really new policy!

imei Addmimistrator
Visit my SeQrity Homepage at:
http://myimei.com/security