Kayako eSupport version 3.70.02 suffers from a remote SQL injection vulnerability.
c21016562a10351e8331365cfc92eb2971440acb843cfe7044b22a58594b26e7
Name :Kayako eSupport v3.70.02 SQL Injection Vulnerability
Date : july 17,2010
Critical Level : HIGH
vendor URL :http://www.kayako.com/solutions/esupport/
google dork:Help Desk Software by Kayako SupportSuite v3.70.02
Author : Sid3^effects aKa HaRi
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_,SeeMe,RoadKiller
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz
#######################################################################################################
Description:
eSupport incorporates Kayako's leading ticket and e-mail management support desk software, including knowledgebase, troubleshooter, news and downloads publishing tools.
#######################################################################################################
Xploit:SQli Vulnerability
http://[site]/supportsuite/index.php?_m=news&_a=viewnews&newsid=[Sqli]
#######################################################################################################
# 0day no more
# Sid3^effects