Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbMatthew MurphyEDB-ID:21599
HistoryJul 08, 2002 - 12:00 a.m.

Working Resources BadBlue 1.7.3 - 'cleanSearchString()' Cross-Site Scripting

2002-07-0800:00:00
Matthew Murphy
www.exploit-db.com
16

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/5179/info

BadBlue is a P2P file sharing application distributed by Working Resources. It is designed for use on Microsoft Windows operating systems. BadBlue is operated through a web interface, generated by an included web server running on the local system.

A variant to BID 5086 has been reported to exist. Reportedly, EXT.DLL has been re-designed to pass user input to the cleanSearchString function. Unfortunately, this function is implemented as client side javascript, and unsanitized input must be displayed on the client machine as it is passed to the cleanSearchString function.

Additionally, user supplied input is displayed as the hidden form value "a0" without being sanitized. 

"hi"'));alert("ZING!!!");document.write(cleanSearchString('a

"><script>alert("ZING!!!");</script><

Related

cve 1
cvelist 1
nvd 1
cve
cve
CVE-2002-1683
2005-06-21 04:00:00
cvelist
cvelist
CVE-2002-1683
2005-06-21 04:00:00
nvd
nvd
CVE-2002-1683
2002-12-31 05:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:21599
cve1cvelist1nvd1