header-logo
Suggest Exploit
vendor:
BadBlue
by:
Unknown
7.5
CVSS
HIGH
Input Validation
Unknown
CWE
Product Name: BadBlue
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: a:xcellenet:badblue
Metasploit:
Other Scripts:
Platforms Tested: Windows
Unknown

BadBlue Remote Unauthorized Access Vulnerability

The vulnerability is caused by an input validation issue in the 'ext.dll' component of BadBlue. A remote attacker can exploit this vulnerability by sending a specially crafted request to the server. By causing '.hts' files to be interpreted by the server, the attacker can execute administrative commands without authorization.

Mitigation:

Apply the latest patches and updates provided by the vendor. Restrict access to the affected component from untrusted networks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7387/info

BadBlue is prone to a vulnerability that could allow remote attackers to gain unauthorized access. This is due to an input validation issue in the 'ext.dll' component that could allow a remote attacker to cause '.hts' files to be interpreted by the server. This could lead to unauthorized execution of administrative commands. 

http://www.example.com/ext.dll?MfcIsapiCommand=LoadPage&page=admin.hts%20&a0=add&a1
=root&a2=%5C

Navigation

Suggest Exploit

Services By CQR