Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

BadBlue v1.02 beta for Windows 98, ME and 2000 .php Source Code Disclosure Vulnerability
From: "acz [iSecureLabs]" <aurelien.cabezon () iSecureLabs com>
Date: Wed, 22 Aug 2001 11:11:28 +0200
-- [ iSecureLabs BadBlue v1.02 beta for Windows 98, ME and 2000
Advisory ] --

BadBlue v1.02 beta for Windows 98, ME and 2000 .php Source Code Disclosure
Vulnerability
Problem discovered: 22/08/2001

-- [ Overview ] --

BadBlue http://badblue.com/ is a tiny, free download that lets you share
files, search other
PCs and even run powerful web applications.
Badblue support .php extension.
It is possible to retrieve full .php source code.

-- [ Description ] --

Badblue contains an input validation vulnerability which may lead to
download the full source code of .php pages.
This is due to a lack of checks for NULL bytes.

Exemple:
http://myBadBlue.com/test.php%00

Note: It is possible too to download .dll file used by BadBlue.

Exmeple:
http://myBadBlue.com/ext.dll%00

-- [ Tested Version ] --

BadBlue v1.02 beta for Windows 98, ME and 2000

-- [ Discovered by ] --

Cabezon Aurelien | aurelien.cabezon () iSecureLabs com
http://www.iSecureLabs.com | French Security portal
http://www.isecurelabs.com/advisory/badblue.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]