Home » Hacking News » BadBlue Web Server v1.7.0 Directory Contents Disclosure

BadBlue Web Server v1.7.0 Directory Contents Disclosure

by Nikola Strahija on June 3rd, 2002 BadBlue is a well known small-scale web server for sharing files with remote users. The server, by default, will not let a user view the contents of a directory. By appending the unicode variant of "%" (hex 25) it will cause the web server to display the contents of the current directory.

Vendor Status::
^^^^^^^^^^^^^^^^^
Vendor has been contacted and has produced a fix.

Workaround::
^^^^^^^^^^^^^^
Vendor has produced a patch.

Product Fix:
^^^^^^^^^^^^^
Version: BadBlue Personal Edition v1.7.1 May 28, 2002

Windows 95 and NT 4
http://www.badblue.com/bb95.exe

Windows 95, ME, 2000, XP
http://www.badblue.com/bb98.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
p0p t4rtz
[email protected]

Bit
[email protected]

From the forum

The forums are now OPEN AGAIN!

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Users login

JOIN XATRIX

BadBlue Web Server v1.7.0 Directory Contents Disclosure

Related articles

Advisories

Vulnerabilities

From the forum

Newsletter signup

Free E-books

Contact