Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
BadBlue Remote Unauthorized Access Vulnerability - exploit.company
header-logo
Suggest Exploit
vendor:
BadBlue
by:
Unknown
7.5
CVSS
HIGH
Input Validation
Unknown
CWE
Product Name: BadBlue
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: a:xcellenet:badblue
Metasploit:
Other Scripts:
Platforms Tested: Windows
Unknown

BadBlue Remote Unauthorized Access Vulnerability

The vulnerability is caused by an input validation issue in the 'ext.dll' component of BadBlue. A remote attacker can exploit this vulnerability by sending a specially crafted request to the server. By causing '.hts' files to be interpreted by the server, the attacker can execute administrative commands without authorization.

Mitigation:

Apply the latest patches and updates provided by the vendor. Restrict access to the affected component from untrusted networks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7387/info

BadBlue is prone to a vulnerability that could allow remote attackers to gain unauthorized access. This is due to an input validation issue in the 'ext.dll' component that could allow a remote attacker to cause '.hts' files to be interpreted by the server. This could lead to unauthorized execution of administrative commands. 

http://www.example.com/ext.dll?MfcIsapiCommand=LoadPage&page=admin.hts%20&a0=add&a1
=root&a2=%5C

Navigation

Suggest Exploit

Services By CQR