BadBlue is a file sharing web server. A vulnerability exists in how EXT.DLL sanitizes input for HTX/HTS pages. Any user input is inserted un-sanitized, making any HTX or HTS page that displays output vulnerable to attack.

Credit:
The information has been provided by Matthew Murphy.
Vulnerable systems:
* BadBlue version 1.7.2 and prior
Immune systems:
* BadBlue version 1.7.3
Example:
Webmasters can test for the vulnerability by running a search query containing HTML/script (e.g. "alert('vulnerable!');" would do; note that we replaced the 'i' with '!').
If the search results page displays a JavaScript alert, your server could be used in attacks against visiting browsers.
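To make the defect concrete, the following is an added example (not BadBlue's code, and not from the advisory) that models an HTX-style results page with a placeholder syntax assumed here, renders it once with the input inserted verbatim as the advisory describes and once with the input HTML-escaped, and includes the self-check a webmaster would run on the captured page.

```python
import html
import re

# Constructed HTX-style search results template. The <%name%> placeholder
# syntax is an assumption modelled on IIS-style HTX files, not BadBlue's
# actual EXT.DLL template format.
SEARCH_RESULTS_HTX = (
    "<html><body>\n"
    "<p>Results for: <%query%></p>\n"
    "<p>Files found: <%count%></p>\n"
    "</body></html>\n"
)

PLACEHOLDER = re.compile(r"<%(\w+)%>")


def render_unsafe(template: str, values: dict) -> str:
    """Insert request values verbatim: the behaviour the advisory describes
    for BadBlue 1.7.2 and prior."""
    return PLACEHOLDER.sub(lambda m: values.get(m.group(1), ""), template)


def render_escaped(template: str, values: dict) -> str:
    """Insert request values after HTML-escaping them, which is the fix:
    '<', '>', '&' and both quote characters become entities, so user input
    can only ever appear as text, never as markup."""
    return PLACEHOLDER.sub(
        lambda m: html.escape(values.get(m.group(1), ""), quote=True), template
    )


def reflects_raw_markup(rendered: str, user_input: str) -> bool:
    """Self-check a webmaster can run on a captured results page: True if the
    submitted string contained markup and came back byte-for-byte unchanged."""
    return ("<" in user_input or ">" in user_input) and user_input in rendered


# Constructed probe, mirroring the advisory's own test string.
PROBE = "<script>alert('vulnerable!');</script>"


if __name__ == "__main__":
    values = {"query": PROBE, "count": "0"}
    for name, render in (("unsafe", render_unsafe), ("escaped", render_escaped)):
        page = render(SEARCH_RESULTS_HTX, values)
        print(f"{name}: reflects raw markup = {reflects_raw_markup(page, PROBE)}")
```

The escaped rendering still shows the full probe string to the user as text, which is the behaviour a patched server (1.7.3) should exhibit.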