Trouble Ticket Express
Publisher
Free trouble ticket software. Simple yet powerful help desk for your web site.
Product Details
Free trouble ticket software. Simple yet powerful help desk for your web site. Features trouble ticket tracking, email alerts, unlimited operators, ticket transfers and highly customizable html and email templates. Additional modules for file uploads, email based submissions, SQL database, user groups, inventory management.
Alibaba Clone Script - Buy2AlibabaSponsored
posted bySangvishinClone Scripts
PriceUSD 499.00
Views4011
Inout Blockchain AltExchanger (Crypto to crypto trading exchange platform script)Sponsored
posted byinoutscriptsinBlockchain & Cryptocurrency
PriceUSD 3,449.00
Views7809
1 Hour AWS Consulting Services/Support
One hour of flexible AWS consulting or support for architecture, design, or issues.
Help/Fix on AWS Lambda Service (1 Hour)
One hour of help or fixes for AWS Lambda functions and related services.
Monitoring Spot Instance Prices and Migrating Instances to Optimal Types/Regions
Automatically monitoring AWS Spot instance prices and moving servers to better instance types or regions for maximum sav
Help/Fix on identifying the most cost effective AWS spot instances based on instance type and region (1 Hour)
One hour of help to choose the most cost effective AWS Spot instances for your workload.
User Reviews
Please rate the listing and tell the world know what do you think about the listing.
Horrible security by design
Reviewed byUSA IT ProfessionalonFri, 15th June 2012
Trouble Ticket Express is built from the ground up with no intention for security.
There are too many issues to list them all, so below are a few. The software allows:
the software stores config data in non-code bearing ".cgi" files, and constantly rewrites those files (even with MySQL module in use)
server side configs can have data injected into them by any software or person capable of generating a URL (no auth required)
anyone smart enough to edit their local computer's host file to "hack" a new domain name into a TTX config
the install program itself says to install data files and directory with 777 perms in UNIX
...
the list goes on forever
This software is only useful for internal use, and only then if you blindly trust every one of the users and systems capable of communicating with this software.
eastwright
Fri, 28th December 2012
Horrible review (by intention?)
Yes, the software keeps data in *.cgi files to ensure that nobody can access the files by accessing them via browser, even if a customer does not follow setup wizard recommendations and places data files under web root directory. Try to open such file, and all you get is internal server error.
"Server side configs can have data injected" - it would be a severe vulnerability... if it existed. And even worse: assuming that the vulnerability exists, posting hints instead of contacting developer of the open source software does not seem to be professional to begin with...
Anyone can "hack" domain name by editing local hosts file? Sure. But the config file will be "re-hacked" back instantly, by anyone "not smart enough to edit local hosts file". So, what is the point? Sending an email with wrong link? But why not just send legitimate-looking email from your account? Less work and guaranteed result.
"the list goes on forever" - why not use our help desk or web forum to submit the list? We all know that there is no such thing as vulnerability-free software. For non-believers I suggest subscribing to CVE or just to RedHat/Ubuntu security notifications. All those lists are result of work of true professionals, the guys who want to make Internet more secure place by reporting bugs and vulnerabilities to authors.
Sincerely,
Alex Pavlov