source: https://www.securityfocus.com/bid/4179/info

Working Resources BadBlue is a webserver intended to share various resources and is developed for Microsoft Windows environments.

BadBlue is prone to directory traversal attacks. It is possible for a remote attacker to submit a malicious web request containing triple-dot-slash (.../) sequences to break out of wwwroot. The attacker may browse arbitrary web-readable files on the host running the vulnerable software.

On Windows operating systems, webservers run in the SYSTEM context. A remote attacker may exploit this vulnerability to read any file on the host that will render in their web browser.

Deerfield's D2Gfx is powered by BadBlue v1.02 and should be considered vulnerable as well.

http://server/.../...//file.ext
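
A server-side path check that rejects the request pattern above, given as an added example (it is not from the advisory or from BadBlue's code). The document root C:\srv\wwwroot and the names resolve_request, is_allowed and TraversalError are assumptions made for the illustration.

```python
import re
from pathlib import PureWindowsPath
from urllib.parse import unquote, urlsplit

# Assumed document root for the example; not a path from the advisory.
WWWROOT = PureWindowsPath(r"C:\srv\wwwroot")

class TraversalError(ValueError):
    """Raised when a request path could resolve outside the document root."""

def resolve_request(url, root=WWWROOT):
    """Return the path under root that url maps to, or raise TraversalError."""
    path = urlsplit(url).path
    # Decode until stable so %2e%2e%2e or %252e%252e cannot hide dot segments.
    for _ in range(4):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        raise TraversalError("too many encoding layers")
    segments = []
    # Windows accepts both separators, so split on '/' and '\'.
    for seg in re.split(r"[/\\]", path):
        if seg in ("", "."):
            continue  # empty segments come from '//' as in the advisory's URL
        # Reject '..', '...' and any other segment made only of dots or spaces.
        if seg.strip(". ") == "":
            raise TraversalError(f"dot segment {seg!r}")
        # Reject drive letters, alternate data streams and NUL bytes.
        if ":" in seg or "\x00" in seg:
            raise TraversalError(f"illegal character in {seg!r}")
        segments.append(seg)
    candidate = root.joinpath(*segments)
    # Final containment check, independent of the segment filter above.
    if candidate != root and root not in candidate.parents:
        raise TraversalError("resolves outside document root")
    return candidate

def is_allowed(url):
    """True if the request maps to a path inside the document root."""
    try:
        resolve_request(url)
        return True
    except TraversalError:
        return False

if __name__ == "__main__":
    # Constructed requests; the second is the pattern quoted in the advisory.
    for u in ("http://server/docs/file.ext", "http://server/.../...//file.ext"):
        print(u, "->", "serve" if is_allowed(u) else "reject")
```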