bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/remote/21599.txt
Offensive Security d304cc3d3e DB: 2017-11-24 
116602 new exploits

Too many to list!
2017-11-24 20:56:23 +00:00

11 lines
No EOL
845 B
Text
Raw Blame History

source: http://www.securityfocus.com/bid/5179/info
BadBlue is a P2P file sharing application distributed by Working Resources. It is designed for use on Microsoft Windows operating systems. BadBlue is operated through a web interface, generated by an included web server running on the local system.
A variant to BID 5086 has been reported to exist. Reportedly, EXT.DLL has been re-designed to pass user input to the cleanSearchString function. Unfortunately, this function is implemented as client side javascript, and unsanitized input must be displayed on the client machine as it is passed to the cleanSearchString function.
Additionally, user supplied input is displayed as the hidden form value "a0" without being sanitized.
"hi"'));alert("ZING!!!");document.write(cleanSearchString('a
"><script>alert("ZING!!!");</script><
Reference in a new issue View git blame Copy permalink