RE: [PHP] Fwd: BadBlue v1.02 beta for Windows 98, ME and 2000 .php Source Code Disclosure Vulnerability

Wed, 22 Aug 2001 08:50:04 -0700 

At 12:10 PM 8/22/2001, Tom Malone wrote:

read the advisory - everything is explained.....

~kurth

>This is not an issue if you're site is using Apache, correct?
>
>Tom Malone
>Web Designer
>http://www.tom-malone.com
>
>-----Original Message-----
>From: Kurth Bemis [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, August 22, 2001 11:13 AM
>To: [EMAIL PROTECTED]
>Subject: [PHP] Fwd: BadBlue v1.02 beta for Windows 98, ME and 2000 .php
>Source Code Disclosure Vulnerability
>
>
>Thought this may be of interest to somebody.
>
>~kurth
>
>
> >Delivered-To: [EMAIL PROTECTED]
> >Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm
> >List-Id: <vuln-dev.list-id.securityfocus.com>
> >List-Post: <mailto:[EMAIL PROTECTED]>
> >List-Help: <mailto:[EMAIL PROTECTED]>
> >List-Unsubscribe: <mailto:[EMAIL PROTECTED]>
> >List-Subscribe: <mailto:[EMAIL PROTECTED]>
> >Delivered-To: mailing list [EMAIL PROTECTED]
> >Delivered-To: moderator for [EMAIL PROTECTED]
> >From: "acz [iSecureLabs]" <[EMAIL PROTECTED]>
> >To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
> >Cc: <[EMAIL PROTECTED]>
> >Subject: BadBlue v1.02 beta for Windows 98, ME and 2000  .php Source Code
> >Disclosure Vulnerability
> >Date: Wed, 22 Aug 2001 11:11:28 +0200
> >X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
> >Importance: Normal
> >
> >-- [ iSecureLabs BadBlue v1.02 beta for Windows 98, ME and 2000
> >Advisory ] --
> >
> >BadBlue v1.02 beta for Windows 98, ME and 2000 .php Source Code Disclosure
> >Vulnerability
> >Problem discovered: 22/08/2001
> >
> >-- [ Overview ] --
> >
> >BadBlue http://badblue.com/ is a tiny, free download that lets you share
> >files, search other
> >PCs and even run powerful web applications.
> >Badblue support .php extension.
> >It is possible to retrieve full .php source code.
> >
> >-- [ Description ] --
> >
> >Badblue contains an input validation vulnerability which may lead to
> >download the full source code of .php pages.
> >This is due to a lack of checks for NULL bytes.
> >
> >Exemple:
> >http://myBadBlue.com/test.php%00
> >
> >Note: It is possible too to download .dll file used by BadBlue.
> >
> >Exmeple:
> >http://myBadBlue.com/ext.dll%00
> >
> >-- [ Tested Version ] --
> >
> >BadBlue v1.02 beta for Windows 98, ME and 2000
> >
> >-- [ Discovered by ] --
> >
> >Cabezon Aurelien | [EMAIL PROTECTED]
> >http://www.iSecureLabs.com | French Security portal
> >http://www.isecurelabs.com/advisory/badblue.html
>
>
>--
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>
>--
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>To contact the list administrators, e-mail: [EMAIL PROTECTED]


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to