• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Working Resources BadBlue Directory Traversal Vulnerability

Working Resources BadBlue is a webserver intended to share various resources and is developed for Microsoft Windows environments. Shared files specifically, are served through a library called 'ext.dll'.

Due to a flaw in BadBlue it is possible for a user to gain read access to arbitrary directories and files.

If a request constructed with '../' sequences is submitted as a parameter to the script used to read Microsoft Office documents, the user may break out of the permitted path. It is then possible to view arbitrary directories and files residing on the host.