https://www.exploit-db.com/exploits/24409

漏洞细节尚未披露

source: http://www.securityfocus.com/bid/11030/info

BadBlue is prone to a vulnerability that may let the application be abused as a proxy. This vulnerability presents itself due to the 'Pass Thru' function allowing the server to be used as a proxy. This could be exploited by malicious parties to obfuscate their identities and bypass network access controls and firewalls.

BadBlue Personal Edition versions 2.5 and prior are reportedly affected by this issue. 

http://www.example.com/ext.dll?mfcisapicommand=PassThru&url=[Any IP:Any Port]/[Any Command]