Exploit Working Resources BadBlue 1.7 - 'ext.dll' Cross-Site Scripting

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
21576
Проверка EDB
  1. Пройдено
Автор
MATTHEW MURPHY
Тип уязвимости
REMOTE
Платформа
WINDOWS
CVE
cve-2002-1685
Дата публикации
2002-06-23
Код:
source: https://www.securityfocus.com/bid/5086/info

BadBlue is a P2P file sharing application distributed by Working Resources. The ext.dll ISAPI does not sufficiently sanitize input. Because of this, it is possible for a user to create a custom URL containing script code that, when viewed in a browser by another user, will result in the execution of the script code. This could allow for the execution of malicious JavaScript in the context of a trusted site. 

http://target/ext.dll?MfcISAPICommand=LoadPage&page=search.htx&a0=%3Cscript%3Ealert('lame')%3C/script%3E&a1=0&a2=1&a3=6
 
Источник
www.exploit-db.com

Похожие темы