Open-source ticketing system by Best Practical Solutions.
Common Path: /rt/
```
# Look for RT paths
/rt/
/rt/login
/rt/NoAuth/Login.html

# Version in footer
»|« RT 4.4.4+dfsg-2ubuntu1 (Debian)
```

| Username | Password |
|---|---|
| root | password |
| admin | admin |
Admin → Users → Select
Look for:
- Additional usernames
- User comments (often contain temp passwords like "Initial password set to Welcome2023!")
- Email addresses
Browse tickets for:
- Sensitive attachments
- Passwords in ticket body
- Internal hostnames/IPs
- Application names/versions
| Path | Description |
|---|---|
| /rt/Admin/Users/Modify.html?id=X | User details (may contain passwords in comments) |
| /rt/Ticket/Display.html?id=X | View ticket |
| /rt/Search/Results.html | Search all tickets |
| /rt/Admin/ | Admin panel |
Stored XSS in ticket subject/body.
Unauthenticated user enumeration via timing attack.
```
/opt/rt4/etc/RT_SiteConfig.pm
/etc/request-tracker4/RT_SiteConfig.d/
```

May contain database credentials:

```perl
Set($DatabaseType, 'mysql');
Set($DatabaseUser, 'rt_user');
Set($DatabasePassword, 'password');
```
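For administrators, an audit of those config locations (an added example, not code from the original page or from the RT project): it parses `Set($Name, 'value');` directives and reports files that hold `DatabasePassword` while world-readable or set to a placeholder value. The weak-value list, the sample input and the assumption that the `.d` directory holds `*.pm` files are constructed for illustration.

```python
import os
import re
import stat

# Matches RT's Perl directive Set($Name, 'value'); only quoted string values are handled.
SET_RE = re.compile(r"""^\s*Set\(\s*\$(\w+)\s*,\s*(['"])(.*?)\2\s*\)\s*;""", re.M)
WEAK_VALUES = {"", "password", "changeme"}  # constructed list of placeholder passwords
# Constructed sample input, mirroring the directives shown above.
SAMPLE = """Set($DatabaseType, 'mysql');
Set($DatabaseUser, 'rt_user');
Set($DatabasePassword, 'password');
"""


def parse_site_config(text):
    """Return {option: value} for each quoted Set($Option, '...') directive."""
    return {name: value for name, _quote, value in SET_RE.findall(text)}


def audit_file(path):
    """Return findings for one config file that stores DatabasePassword."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        options = parse_site_config(fh.read())
    if "DatabasePassword" not in options:
        return []
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & stat.S_IROTH:
        findings.append(f"{path}: world-readable ({oct(mode)}) and holds DatabasePassword")
    if options["DatabasePassword"].lower() in WEAK_VALUES:
        findings.append(f"{path}: DatabasePassword is a weak placeholder value")
    return findings


def audit_paths(paths):
    """Audit files, plus *.pm files inside RT_SiteConfig.d-style directories."""
    findings = []
    for p in paths:
        if os.path.isdir(p):
            files = sorted(os.path.join(p, f) for f in os.listdir(p) if f.endswith(".pm"))
        else:
            files = [p] if os.path.isfile(p) else []
        for f in files:
            findings.extend(audit_file(f))
    return findings


if __name__ == "__main__":
    print("\n".join(audit_paths(["/opt/rt4/etc/RT_SiteConfig.pm", "/etc/request-tracker4/RT_SiteConfig.d/"])))
```

Run it as a user that can read the config files; an empty result means no file storing the password is world-readable or uses a listed placeholder.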