-- [ iSecureLabs BadBlue v1.02 beta for Windows 98, ME and 2000 Advisory ] -- BadBlue v1.02 beta for Windows 98, ME and 2000 .php Source Code Disclosure Vulnerability Problem discovered: 22/08/2001 -- [ Overview ] -- BadBlue http://badblue.com/ is a tiny, free download that lets you share files, search other PCs and even run powerful web applications. Badblue support .php extension. It is possible to retrieve full .php source code. -- [ Description ] -- Badblue contains an input validation vulnerability which may lead to download the full source code of .php pages. This is due to a lack of checks for NULL bytes. Exemple: http://myBadBlue.com/test.php%00 Note: It is possible too to download .dll file used by BadBlue. Exmeple: http://myBadBlue.com/ext.dll%00 -- [ Tested Version ] -- BadBlue v1.02 beta for Windows 98, ME and 2000 -- [ Discovered by ] -- Cabezon Aurelien | aurelien.cabezonat_private http://www.iSecureLabs.com | French Security portal http://www.isecurelabs.com/advisory/badblue.html
This archive was generated by hypermail 2b30 : Wed Aug 22 2001 - 08:03:00 PDT