COMMAND

    BadBlue

SYSTEMS AFFECTED

    BadBlue v1.02 beta for Windows 98, ME and 2000

PROBLEM

    BadBlue is a tiny, free download that lets you share files, search
    other PCs and even run powerful web applications. BadBlue supports
    the .php extension.

    It is possible to retrieve full .php source code. BadBlue contains
    an input validation vulnerability which may allow the full source
    code of .php pages to be downloaded. This is due to a lack of
    checks for NULL bytes. Example:

        http://myBadBlue.com/test.php%00

    It is also possible to download the .dll files used by BadBlue.
    Example:

        http://myBadBlue.com/ext.dll%00

    This has been discovered by Cabezon Aurelien.

SOLUTION

    A fix will be included in the 1.5 version.
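
The missing NULL byte check described under PROBLEM, as an added example that is not BadBlue code or part of the original advisory. It assumes the handler is chosen from the decoded bytes while the file is opened through a C string that stops at the first NUL; the advisory does not state this mechanism, and decode_path and has_suffix are hypothetical names.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* One hex digit to its value, or -1 if c is not a hex digit. */
static int hexval(int c) {
    if (isdigit(c)) return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Percent-decode src into dst, keeping an explicit length. Returns the
 * decoded length, or -1 on a bad escape, overflow, or (when reject_nul
 * is set) a decoded NUL byte. */
long decode_path(const char *src, char *dst, size_t cap, int reject_nul) {
    size_t n = 0;
    for (size_t i = 0; src[i] != '\0'; i++) {
        int c = (unsigned char)src[i];
        if (c == '%') {
            int hi = hexval((unsigned char)src[i + 1]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)src[i + 2]);
            if (lo < 0) return -1;
            c = hi * 16 + lo;
            i += 2;
        }
        if (c == 0 && reject_nul) return -1;  /* the missing check */
        if (n + 1 >= cap) return -1;
        dst[n++] = (char)c;
    }
    dst[n] = '\0';
    return (long)n;
}

/* Length-aware suffix test: compares the last bytes of buf[0..len). */
int has_suffix(const char *buf, size_t len, const char *suf) {
    size_t s = strlen(suf);
    return len >= s && memcmp(buf + len - s, suf, s) == 0;
}

int main(void) {
    char b[64];
    /* Constructed request path, same shape as the advisory's example. */
    long n = decode_path("/test.php%00", b, sizeof b, 0);
    printf("decoded bytes: suffix .php? %d\n", has_suffix(b, (size_t)n, ".php"));
    printf("C-string view: suffix .php? %d\n", has_suffix(b, strlen(b), ".php"));
    printf("strict decode returns %ld\n", decode_path("/test.php%00", b, sizeof b, 1));
    return 0;
}
```

With reject_nul set, the request is refused before any extension or handler decision is made, so the two views of the path can no longer disagree.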