header-logo
Suggest Exploit
vendor:
BadBlue
by:
SecurityFocus
7.5
CVSS
HIGH
Input Validation Vulnerability
20
CWE
Product Name: BadBlue
Affected Version From: BadBlue 2.5
Affected Version To: BadBlue 2.5
Patch Exists: YES
Related CWE: N/A
CPE: a:working_resources:badblue
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

BadBlue ext.dll ISAPI Input Validation Vulnerability

BadBlue is a P2P file sharing application distributed by Working Resources. The ext.dll ISAPI does not sufficiently sanitize input. Because of this, it is possible for a user to create a custom URL containing script code that, when viewed in a browser by another user, will result in the execution of the script code. This could allow for the execution of malicious JavaScript in the context of a trusted site.

Mitigation:

Input validation should be performed to ensure that untrusted input is not used to execute arbitrary code.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5086/info

BadBlue is a P2P file sharing application distributed by Working Resources. The ext.dll ISAPI does not sufficiently sanitize input. Because of this, it is possible for a user to create a custom URL containing script code that, when viewed in a browser by another user, will result in the execution of the script code. This could allow for the execution of malicious JavaScript in the context of a trusted site. 

http://target/ext.dll?MfcISAPICommand=LoadPage&page=search.htx&a0=%3Cscript%3Ealert('lame')%3C/script%3E&a1=0&a2=1&a3=6

Navigation

Suggest Exploit

Services By CQR