CVE-2001-0276

BadBlue 1.02.07 Personal Edition - Information Disclosure via ext.dll

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0276. PoCs published by SNS Research.

AI-analyzed exploit summary This exploit demonstrates an information disclosure vulnerability in Working Resources BadBlue by requesting a crafted URL that reveals the physical path to the root directory. The response includes an error message containing the path, confirming the vulnerability.

Description

ext.dll in BadBlue 1.02.07 Personal Edition web server allows remote attackers to determine the physical path of the server by directly calling ext.dll without any arguments, which produces an error message that contains the path.

Exploits (1)

exploitdb WORKING POC VERIFIED
by SNS Research · textremotewindows
https://www.exploit-db.com/exploits/20640

This exploit demonstrates an information disclosure vulnerability in Working Resources BadBlue by requesting a crafted URL that reveals the physical path to the root directory. The response includes an error message containing the path, confirming the vulnerability.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Working Resources BadBlue
No auth needed
Prerequisites: Network access to the target server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=98263019502565&w=2
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2390
Various Sources x_refsource_confirm
http://www.badblue.com/p010219.htm
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6130

Scores

EPSS 0.0347
EPSS Percentile 87.5%

Details

Status published
Products (1)
working_resources_inc./badblue 1.2.7
Published May 03, 2001
Tracked Since Feb 18, 2026