CVE-2002-2170

BadBlue Enterprise Edition <1.74 - RCE

Title source: llm

Description

Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 attempts to restrict administrator actions to the IP address of the local host, but does not provide additional authentication, which allows remote attackers to execute arbitrary code via a web page containing an HTTP POST request that accesses the dir.hts page on the localhost and adds an entire hard drive to be shared.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Matthew Murphy · htmlremotewindows

https://www.exploit-db.com/exploits/21630

View Code ZIP pw:eip

References (3)

[Exploit] http://www.securityfocus.com/bid/5276

[Third Party Advisory, VDB Entry] http://online.securityfocus.com/archive/1/283418

[Third Party Advisory] http://www.iss.net/security_center/static/9642.php

Scores

EPSS 0.1167

EPSS Percentile 93.7%

Details

Status published

Products (4)

working_resources_inc./badblue enterprise_1.7

working_resources_inc./badblue enterprise_1.7.2

working_resources_inc./badblue enterprise_1.7.3

working_resources_inc./badblue enterprise_1.7.4

Published Dec 31, 2002

Tracked Since Feb 18, 2026