|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: a b (p0pt4rtz
hotmail.com)Date: Sat Jun 01 2002 - 23:33:38 CDT
BadBlue Web Server v1.7.0 Directory Contents Disclosure
Author: p0p t4rtz and Bit
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Release Date: May 31, 2002
Class: Input Validation Error
Remote/Local: Remote
Object: BadBlue v1.7.0 and below
Abstract::
^^^^^^^^^^
BadBlue is a well known small-scale web server for sharing files with remote
users.
The server, by default, will not let a user view the contents of a
directory. By appending the unicode variant of "%" (hex 25) it
will cause the web server to display the contents of the current directory.
Vendor Status::
^^^^^^^^^^^^^^^^^
Vendor has been contacted and has produced a fix.
Workaround::
^^^^^^^^^^^^^^
Vendor has produced a patch.
Product Fix:
^^^^^^^^^^^^^
Version: BadBlue Personal Edition v1.7.1 May 28, 2002
Windows 95 and NT 4
http://www.badblue.com/bb95.exe
Windows 95, ME, 2000, XP
http://www.badblue.com/bb98.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
p0p t4rtz
p0pt4rtzhotmail.com
Bit
bitcolumbus.rr.com
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]