header-logo
Suggest Exploit
vendor:
BadBlue
by:
SecurityFocus
7.5
CVSS
HIGH
Security Bypass
264
CWE
Product Name: BadBlue
Affected Version From: BadBlue 2.0
Affected Version To: BadBlue 2.5
Patch Exists: No
Related CWE: CVE-2002-0647
CPE: o:badblue:badblue
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

BadBlue Security Bypass Vulnerability

It is possible to bypass BadBlue security checks when '.hts' files are requested by a remote user. BadBlue restricts access to non-HTML files by replacing the first two letters in the file extension of a requested resource with 'ht'. If the third character of a file extension is 's', then it is possible to trick BadBlue into serving a non-HTML file with an extension of '.hts'. This will bypass other security checks which would normally prevent BadBlue from serving these files to remote users. This example will reveal the contents of the server's primary volume.

Mitigation:

No known mitigation
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7638/info

BadBlue is prone to a vulnerability that could allow remote attackers to gain unauthorized access to administrative functions.

It is possible to bypass BadBlue security checks when '.hts' files are requested by a remote user. BadBlue restricts access to non-HTML files by replacing the first two letters in the file extension of a requested resource with 'ht'. If the third character of a file extension is 's', then it is possible to trick BadBlue into serving a non-HTML file with an extension of '.hts'. This will bypass other security checks which would normally prevent BadBlue from serving these files to remote users.

http://www.example.com/ext.dll?mfcisapicommand=loadpage&page=admin.ats&a0=add&a1=root&a2=%5C

This example will reveal the contents of the server's primary volume.

Navigation

Suggest Exploit

Services By CQR