BadBlue v1.02 beta for Windows 98, ME and 2000 .php Source Code Disclosure Vulnerability

From: acz [iSecureLabs] (aurelien.cabezonat_private)
Date: Wed Aug 22 2001 - 02:11:28 PDT

  • Next message: John Thornton: "RE: Cell phone access to email"

    -- [ iSecureLabs BadBlue v1.02 beta for Windows 98, ME and 2000
    Advisory ] --
    
    BadBlue v1.02 beta for Windows 98, ME and 2000 .php Source Code Disclosure
    Vulnerability
    Problem discovered: 22/08/2001
    
    -- [ Overview ] --
    
    BadBlue http://badblue.com/ is a tiny, free download that lets you share
    files, search other
    PCs and even run powerful web applications.
    Badblue support .php extension.
    It is possible to retrieve full .php source code.
    
    -- [ Description ] --
    
    Badblue contains an input validation vulnerability which may lead to
    download the full source code of .php pages.
    This is due to a lack of checks for NULL bytes.
    
    Exemple:
    http://myBadBlue.com/test.php%00
    
    Note: It is possible too to download .dll file used by BadBlue.
    
    Exmeple:
    http://myBadBlue.com/ext.dll%00
    
    -- [ Tested Version ] --
    
    BadBlue v1.02 beta for Windows 98, ME and 2000
    
    -- [ Discovered by ] --
    
    Cabezon Aurelien | aurelien.cabezonat_private
    http://www.iSecureLabs.com | French Security portal
    http://www.isecurelabs.com/advisory/badblue.html
    



    This archive was generated by hypermail 2b30 : Wed Aug 22 2001 - 08:03:00 PDT