Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Vulnwatch: [SecurityOffice] BadBlue Web Server v1.7 Protected File Access Vulnerability

[SecurityOffice] BadBlue Web Server v1.7 Protected File Access Vulnerability

From: Tamer Sahin <ts_at_securityoffice.net>
Date: Thu, 24 Oct 2002 21:46:53 +0300

-----BEGIN PGP SIGNED MESSAGE-----
Hash: MD5

- --[ BadBlue Web Server v1.7 Protected File Access Vulnerability ]--

- --[ Type

File Disclosure

- --[ Release Date

October 24, 2002

- --[ Product / Vendor

BadBlue is a very small footprint, Win32 web server that supports a suprisingly large
array of features: NT-based security; application-serving via ISAPI, CGI, PHP, Perl etc.;
CLF logging; virtual directories; directory browsing; service installation; etc.

http://www.badblue.com

- --[ Summary

It is possible to construct a web request which is capable of accessing the contents
of password protected files/folders on the BadBlue Web Server v1.7. This vulnerability
may only be exploited to access password-protected files in sub-folders of wwwroot.

http://host//secret/

- --[ Tested

Windows 2000 Sp3 / BadBlue Web Server v1.7
Windows 98 SE / BadBlue Web Server v1.7

- --[ Vulnerable

BadBlue Web Server v1.7

- --[ Disclaimer

http://www.securityoffice.net is not responsible for the misuse or illegal use of any
of the information and/or the software listed on this security advisory.

- --[ Author

Tamer Sahin
ts_at_securityoffice.net
http://www.securityoffice.net

All our advisories can be viewed at http://www.securityoffice.net/articles/

Please send suggestions, updates, and comments to feedback_at_securityoffice.net

(c) 2002 SecurityOffice

This Security Advisory may be reproduced and distributed, provided that this Security
Advisory is not modified in any way and is attributed to SecurityOffice and provided
that such reproduction and distribution is performed for non-commercial purposes.

Tamer Sahin
http://www.securityoffice.net

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQEVAwUAPbhAHvpL5ibJRTtBAQGW/gf+O/ttux6syte4PvUr8LnYYxnMIkWxAaHJ
kduAhhf5WqgaNbWs5IVZ/h+pEaLETBZzHyCNeOeJdeUjwNLTzxxIMeg750d+RQ8s
ko9fRE4WQkSn13z7ngYDDLOPaNboOMW7Fxwn0I16a4ccV6KjUVfH3AWixdET5ioo
w8/Hjj/zhj1cmSyQ1kOnFvywyFbje11qN/ODkEQ7xkW5uUclCTbm1WMFcVfy8sEI
RS1+azgF1dwQ4qhPimBwxEqv+1KY6byNsxDz1oEp/DYXRTPrbVhYIaQ6oHXTddGt
uKfzsC51xbD+6FwyQzEEqczm4Bw/7QrMy4MSY711jGJdnZbi1eKtBQ==
=jpPj
-----END PGP SIGNATURE-----
Received on Oct 24 2002

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos