Several days ago, I reported a vulnerability in the EXT.DLL ISAPI of BadBlue. BadBlue 1.7.3 has now been released by the vendor (Working Resources) at http://www.badblue.com/down.htm for administrators to upgrade their systems.

The vulnerability exists in how EXT.DLL sanitizes input for HTX/HTS pages. Any user input is inserted unsanitized, making any HTX or HTS page that displays output vulnerable to attack. Although these may appear at first glance to be separate vulnerabilities, the issue is not in the pages themselves but in the ISAPI that processes them.

Webmasters can test for the vulnerability by running a search query containing HTML/script (e.g., "<script>alert('vulnerable!');</script>" would do). If the search results page displays a JavaScript alert, your server could be used in attacks against visiting browsers.

All administrators running BadBlue PE/EE 1.72 and earlier are at risk of this vulnerability being exploited on their servers and are urged to upgrade to BadBlue 1.73, available from the vendor at the above address.

"The reason the mainstream is thought of as a stream is because it is so shallow." - Author Unknown
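The following is an added illustration of the EXT.DLL behaviour the advisory describes, not code from BadBlue or from the original post: a results page that substitutes the search term into its HTML, rendered once without escaping (the bug) and once with escaping (the fix), plus the webmaster's check for whether the probe string comes back with its markup intact. The `<%search%>` template syntax, the "search" parameter name and the page layout are assumptions made for this example.

```python
# Added example: simulated HTX-style substitution, vulnerable vs. hardened,
# and the reflection check a webmaster would run against the results page.
import html
import re

# Constructed HTX-style template; <%search%> stands in for the echoed search
# term. The real EXT.DLL template syntax is an assumption here.
RESULTS_HTX = "<html><body>Results for: <%search%><hr></body></html>"

# The test string quoted in the advisory.
PROBE = "<script>alert('vulnerable!');</script>"


def render_unsanitized(template: str, params: dict) -> str:
    """Behaviour the advisory describes: user input copied straight into HTML."""
    return re.sub(r"<%(\w+)%>", lambda m: params.get(m.group(1), ""), template)


def render_sanitized(template: str, params: dict) -> str:
    """Hardened form: every substituted value is HTML-escaped before insertion."""
    return re.sub(
        r"<%(\w+)%>",
        lambda m: html.escape(params.get(m.group(1), ""), quote=True),
        template,
    )


def reflects_unescaped(page: str, probe: str) -> bool:
    """Webmaster's check: does the page echo the probe with its tags intact?

    True means the server hands attacker-controlled markup to visiting
    browsers; a page that only contains the escaped form (&lt;script&gt;...)
    passes the check.
    """
    return probe in page


if __name__ == "__main__":
    params = {"search": PROBE}
    for name, renderer in (("unsanitized", render_unsanitized),
                           ("sanitized", render_sanitized)):
        page = renderer(RESULTS_HTX, params)
        verdict = "VULNERABLE" if reflects_unescaped(page, PROBE) else "ok"
        print(f"{name}: {verdict}")
```

Run against a live results page, the same check applies to the response body: the probe appearing verbatim is the failing case, the escaped form is the fixed one.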