Trouble Ticket Express
Publisher
Free trouble ticket software. Simple yet powerful help desk for your web site.
Product Details
Free trouble ticket software. Simple yet powerful help desk for your web site. Features trouble ticket tracking, email alerts, unlimited operators, ticket transfers and highly customizable html and email templates. Additional modules for file uploads, email based submissions, SQL database, user groups, inventory management.
Alibaba Clone Script - Buy2AlibabaSponsored
posted bySangvishinClone Scripts
PriceUSD 499.00
Views4063
Coupon & Affiliate Theme (New 2022) - Download Now!Sponsored
posted byshopperpressinAffiliate Programs
PriceUSD 99.00
Views8440
Management of Shared Storage Using AWS EFS
Setting up and managing a shared disk/folder using AWS EFS so multiple servers can access the same data at the same time
Automating AWS Server Backups and configuring AWS Backup Cycles and AWS Backup rules
Set up automated backups for AWS servers using AWS Backup and clear backup cycles.
Help/Fix on AWS VPC General/Advanced Services (1 Hour)
One hour of help or fixes for AWS VPC networking issues or advanced configurations.
Cost optimization by archiving standard AWS snapshots
Reduce storage costs by cleaning up and archiving old EC2 or EBS snapshots safely.
User Reviews
Please rate the listing and tell the world know what do you think about the listing.
Horrible security by design
Reviewed byUSA IT ProfessionalonFri, 15th June 2012
Trouble Ticket Express is built from the ground up with no intention for security.
There are too many issues to list them all, so below are a few. The software allows:
the software stores config data in non-code bearing ".cgi" files, and constantly rewrites those files (even with MySQL module in use)
server side configs can have data injected into them by any software or person capable of generating a URL (no auth required)
anyone smart enough to edit their local computer's host file to "hack" a new domain name into a TTX config
the install program itself says to install data files and directory with 777 perms in UNIX
...
the list goes on forever
This software is only useful for internal use, and only then if you blindly trust every one of the users and systems capable of communicating with this software.
eastwright
Fri, 28th December 2012
Horrible review (by intention?)
Yes, the software keeps data in *.cgi files to ensure that nobody can access the files by accessing them via browser, even if a customer does not follow setup wizard recommendations and places data files under web root directory. Try to open such file, and all you get is internal server error.
"Server side configs can have data injected" - it would be a severe vulnerability... if it existed. And even worse: assuming that the vulnerability exists, posting hints instead of contacting developer of the open source software does not seem to be professional to begin with...
Anyone can "hack" domain name by editing local hosts file? Sure. But the config file will be "re-hacked" back instantly, by anyone "not smart enough to edit local hosts file". So, what is the point? Sending an email with wrong link? But why not just send legitimate-looking email from your account? Less work and guaranteed result.
"the list goes on forever" - why not use our help desk or web forum to submit the list? We all know that there is no such thing as vulnerability-free software. For non-believers I suggest subscribing to CVE or just to RedHat/Ubuntu security notifications. All those lists are result of work of true professionals, the guys who want to make Internet more secure place by reporting bugs and vulnerabilities to authors.
Sincerely,
Alex Pavlov