CVE-2002-2170

BadBlue Enterprise Edition <1.74 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-2170. PoCs published by Matthew Murphy.

AI-analyzed exploit summary: This exploit leverages an access control vulnerability in BadBlue's administrative interface to remotely add the entire drive of a system via a crafted HTML form. The form submits a GET request to the vulnerable endpoint, allowing unauthorized access to the drive contents.

Description

Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 attempts to restrict administrator actions to the IP address of the local host, but does not provide additional authentication, which allows remote attackers to execute arbitrary code via a web page containing an HTTP POST request that accesses the dir.hts page on the localhost and adds an entire hard drive to be shared.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Matthew Murphy · html · remote · windows
https://www.exploit-db.com/exploits/21630

Classification: Working Poc 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: BadBlue P2P file sharing application
No auth needed
Prerequisites: Vulnerable BadBlue server running on the target system
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5276
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/283418
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9642.php

Scores

EPSS 0.0474
EPSS Percentile 90.7%

Details

Status published
Products (4)
working_resources_inc./badblue enterprise_1.7
working_resources_inc./badblue enterprise_1.7.2
working_resources_inc./badblue enterprise_1.7.3
working_resources_inc./badblue enterprise_1.7.4
Published Dec 31, 2002
Tracked Since Feb 18, 2026