OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: a b (p0pt4rtzhotmail.com)
Date: Sat Jun 01 2002 - 23:33:38 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    BadBlue Web Server v1.7.0 Directory Contents Disclosure
    Author: p0p t4rtz and Bit
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Release Date: May 31, 2002
    Class: Input Validation Error
    Remote/Local: Remote
    Object: BadBlue v1.7.0 and below

    Abstract::
    ^^^^^^^^^^
    BadBlue is a well known small-scale web server for sharing files with remote
    users.
    The server, by default, will not let a user view the contents of a
    directory. By appending the unicode variant of "%" (hex 25) it
    will cause the web server to display the contents of the current directory.

    Vendor Status::
    ^^^^^^^^^^^^^^^^^
    Vendor has been contacted and has produced a fix.

    Workaround::
    ^^^^^^^^^^^^^^
    Vendor has produced a patch.

    Product Fix:
    ^^^^^^^^^^^^^
    Version: BadBlue Personal Edition v1.7.1 May 28, 2002

    Windows 95 and NT 4
    http://www.badblue.com/bb95.exe

    Windows 95, ME, 2000, XP
    http://www.badblue.com/bb98.exe
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    p0p t4rtz
    p0pt4rtzhotmail.com

    Bit
    bitcolumbus.rr.com

    _________________________________________________________________
    Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.