On Aug 17, 2006, at 1:48 PM, George A. Theall wrote:

> On Thu, Aug 17, 2006 at 12:52:44PM -0700, Erik Stephens wrote:
>
>> I came across a 2.3.5 version of eKayako that is still vulnerable.
>
> Have you tried the exploit manually to confirm it is indeed
> vulnerable?

Yes, it is definitely vulnerable.

> http://www.securityfocus.com/archive/1/393946
> http://forums.kayako.com/showthread.php?t=2689
>
> The second is the vendor's announcement of the 2.3.1 release. While that
> offers no specifics, it does credit "James from GulfTech" as discovering
> the flaws that are being fixed.
>
> Btw, when Bercegay released his advisory on 12/18/2004, there was no
> solution available at the time; e.g., see:
>
> http://www.securityfocus.com/archive/1/384882
>
> although he anticipated one "soon". Compare that with a subsequent
> advisory:
>
> http://www.gulftech.org/?node=research&article_id=00092-07302005
>
> which mentions Kayako developers asking for 3 months to resolve some
> later issues.
>
>> How to solve?
>
> Assuming the flaw does indeed exist and you're really looking at 2.3.5,
> I think the best thing would be to contact the vendor. Perhaps the issue
> was reintroduced after being fixed?

Will do. Four releases and almost 2 years seems like a long time to address simple XSS vulns - it's not that difficult to escape what needs escaping. I will contact them to get the definitive scoop and let you know what the plugin should say, regarding the solution section.

Thanks,
Erik

_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers
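The two points raised in the thread, confirming a reflected XSS by hand and "escaping what needs escaping", side by side as an added example. This is not code from the thread or from eKayako: the `render_unsafe` / `render_safe` page templates and the probe strings are constructed stand-ins for a helpdesk page that echoes a request parameter, and the check works on a response body you already have in hand, so it runs offline.

```python
import html

# Constructed probes (not from the thread). The first targets HTML body
# context, the second breaks out of a double-quoted attribute, which is
# the case an escaper that only handles < and > would miss.
PROBE_BODY = '<script>alert(1)</script>'
PROBE_ATTR = '" autofocus onfocus="alert(1)'


def render_unsafe(q: str) -> str:
    """Hypothetical vulnerable page: echoes q verbatim into an attribute
    and into body text, the shape of a simple reflected XSS bug."""
    return (f'<input type="text" name="q" value="{q}">'
            f'<p>Results for {q}</p>')


def render_safe(q: str) -> str:
    """Same page with output escaping applied at the point of reflection.
    html.escape(quote=True) encodes & < > " and ', which covers HTML body
    text and double-quoted attribute values (the two contexts used here).
    Other contexts (URL, JavaScript, CSS) need their own encoders."""
    safe = html.escape(q, quote=True)
    return (f'<input type="text" name="q" value="{safe}">'
            f'<p>Results for {safe}</p>')


def reflects_unescaped(body: str, probe: str) -> bool:
    """Manual-confirmation check: a reflected XSS is only real if the
    probe comes back byte-for-byte, not in its entity-encoded form."""
    return probe in body


def attribute_breakout(body: str) -> bool:
    """True if the attribute probe produced a live onfocus handler, i.e.
    the reflected quote closed the value attribute."""
    return 'value="" autofocus onfocus="alert(1)"' in body


def confirm(render, probes=(PROBE_BODY, PROBE_ATTR)) -> dict:
    """Run each probe through a page renderer and report which ones are
    reflected unescaped. Returns {probe: True/False}."""
    return {p: reflects_unescaped(render(p), p) for p in probes}


if __name__ == "__main__":
    for name, fn in (("unsafe", render_unsafe), ("safe", render_safe)):
        print(name, confirm(fn))
```

The `confirm` report is what a scanner plugin is really asserting: the payload is reflected in its original form in a context where the browser will interpret it. A version string alone (2.3.5 here) is not evidence either way, which is why the reply above asks for a manual test first.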
This archive was generated by hypermail 2.1.3 : Thu Aug 17 2006 - 18:40:14 PDT