14th Jun 2002 [SBWID-5452]
COMMAND
BadBlue Web Server Input Validation Error leading to Directory Contents
Disclosure
SYSTEMS AFFECTED
BadBlue v1.7.0 and below
PROBLEM
p0p t4rtz [p0pt4rtz@hotmail.com] and Bit [bit@columbus.rr.com] found
the following:
BadBlue is a well-known small-scale web server for sharing files with
remote users. The server, by default, will not let a user view the
contents of a directory. By appending the unicode variant of "%" (hex
25), a user can cause the web server to display the contents of the
current directory.
SOLUTION
Use new version: BadBlue Personal Edition v1.7.1 May 28, 2002
Windows 95 and NT 4
http://www.badblue.com/bb95.exe
Windows 95, ME, 2000, XP
http://www.badblue.com/bb98.exe
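To check whether an affected server has already received requests of the kind described under PROBLEM, the following added example (not part of the original advisory and not BadBlue code) scans access log lines for request paths that end in an encoded percent or contain a malformed percent escape. It assumes Common Log Format entries and that the appended sequence is logged as a trailing %25 or a bare %; the sample log lines and function names are constructed for illustration.

```python
import re

# Request line inside a Common Log Format entry (assumed log format).
REQUEST_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+" (?P<status>\d{3})')
# A well-formed percent escape is "%" followed by two hex digits.
VALID_ESCAPE_RE = re.compile(r'%[0-9A-Fa-f]{2}')


def suspicious_reason(target):
    """Return why a request target matches the trailing-percent pattern, or None."""
    path = target.split('?', 1)[0]  # the query string is not part of the path
    if path.lower().endswith('%25'):
        return 'path ends with encoded percent (%25)'
    # Strip valid escapes; any "%" left over is a malformed escape.
    if '%' in VALID_ESCAPE_RE.sub('', path):
        return 'path contains malformed percent escape'
    return None


def scan(lines):
    """Return (client, target, status, reason) for each flagged log line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parseable request entry
        reason = suspicious_reason(m.group('target'))
        if reason:
            client = line.split(' ', 1)[0]
            hits.append((client, m.group('target'), int(m.group('status')), reason))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Jun/2002:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.44 - - [14/Jun/2002:10:00:07 +0000] "GET /files/%25 HTTP/1.0" 200 5120',
    '192.0.2.10 - - [14/Jun/2002:10:00:09 +0000] "GET /files/my%20doc.txt HTTP/1.0" 200 880',
    '192.0.2.44 - - [14/Jun/2002:10:00:12 +0000] "GET /files/% HTTP/1.0" 200 5120',
    '192.0.2.77 - - [14/Jun/2002:10:00:15 +0000] "GET /search?q=100%25 HTTP/1.0" 200 300',
]

if __name__ == '__main__':
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A flagged request that returned status 200 on a server running v1.7.0 or below is the case worth reviewing first.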