BadBlue Web Server v1.7.0 Directory Contents Disclosure Author: p0p t4rtz and Bit ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Release Date: May 31, 2002 Class: Input Validation Error Remote/Local: Remote Object: BadBlue v1.7.0 and below Abstract:: ^^^^^^^^^^ BadBlue is a well known small-scale web server for sharing files with remote users. The server, by default, will not let a user view the contents of a directory. By appending the unicode variant of "%" (hex 25) it will cause the web server to display the contents of the current directory. Vendor Status:: ^^^^^^^^^^^^^^^^^ Vendor has been contacted and has produced a fix. Workaround:: ^^^^^^^^^^^^^^ Vendor has produced a patch. Product Fix: ^^^^^^^^^^^^^ Version: BadBlue Personal Edition v1.7.1 May 28, 2002 Windows 95 and NT 4 http://www.badblue.com/bb95.exe Windows 95, ME, 2000, XP http://www.badblue.com/bb98.exe ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ p0p t4rtz p0pt4rtz@hotmail.com Bit bit@columbus.rr.com _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.
