Bugtraq mailing list archives

Technical Details of BadBlue EXT.DLL Vulnerability


From: "Matthew Murphy" <mattmurphy () kc rr com>
Date: Mon, 8 Jul 2002 10:32:54 -0500

Several days ago, I reported a vulnerability in the EXT.DLL ISAPI
of BadBlue.  BadBlue 1.7.3 has now been released by the vendor
(Working Resources) at http://www.badblue.com/down.htm for
administrators to upgrade their systems.

The vulnerability exists in how EXT.DLL sanitizes input for HTX/HTS
pages.  Any user input is inserted un-sanitized, making any HTX or
HTS pages that display output vulnerable to attack.

Although these may appear at first glance to be separate vulnerabilities,
the issue actually is not the pages, but in the ISAPI that processes
them.

Webmasters can test for the vulnerability by running a search query
containing HTML/script (e.g., "<script>alert('vulnerable!');</script>"
would do.)  If the search results page displays a JavaScript Alert,
your server could be used in attacks against visiting browsers.

All administrators running BadBlue PE/EE 1.72 and earlier are at
risk of this vulnerability being exploited on their servers and are
urged to upgrade to BadBlue 1.73 available from the vendor at the
above address.

"The reason the mainstream is thought
of as a stream is because it is
so shallow."
                     - Author Unknown
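
Added example, not part of the original post and not BadBlue's code: a small model of why encoding at the shared template handler, rather than in each page, closes the issue for every page at once, checked with the test string from the advisory. The `{{name}}` placeholder syntax, the two page templates and all function names are assumptions made for illustration.

```python
import html
import re

# Hypothetical placeholder syntax; the advisory does not give the real HTX/HTS syntax.
PLACEHOLDER = re.compile(r"\{\{(\w+)\}\}")

# Constructed stand-ins for two different pages served through the same handler.
PAGES = {
    "search": "<html><body>Results for: {{query}}</body></html>",
    "error": "<html><body>No such file: {{path}}</body></html>",
}

def render_unsafe(template, params):
    """Models the flawed behaviour: request values are pasted in verbatim."""
    return PLACEHOLDER.sub(lambda m: params.get(m.group(1), ""), template)

def render_encoded(template, params):
    """Same substitution, but every value is HTML-encoded at the one shared point."""
    return PLACEHOLDER.sub(
        lambda m: html.escape(params.get(m.group(1), ""), quote=True), template)

def classify_reflection(body, probe):
    """Classify how a probe string came back in a response body."""
    if probe in body:
        return "raw"        # markup reflected intact: the page is affected
    if html.escape(probe, quote=True) in body:
        return "encoded"    # reflected as inert text (html.escape style entities)
    return "absent"

PROBE = "<script>alert('vulnerable!');</script>"  # test string from the advisory

def audit(render):
    """Run the advisory's test against every page through one renderer."""
    return {
        name: classify_reflection(render(tpl, {"query": PROBE, "path": PROBE}), PROBE)
        for name, tpl in PAGES.items()
    }

if __name__ == "__main__":
    print("unsafe :", audit(render_unsafe))
    print("encoded:", audit(render_encoded))
```

A server that encodes with different entities (for example `&#39;` instead of `&#x27;`) would be reported as "absent" by this checker, so treat "absent" as a prompt to inspect the response by hand.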

