Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » BadBlue Web Server v1.7 Protected File Access Vulnerability

BadBlue Web Server v1.7 Protected File Access Vulnerability

by Nikola Strahija on October 25th, 2002 BadBlue is a very small footprint, Win32 web server that supports a suprisingly large array of features: NT-based security; application-serving via ISAPI, CGI, PHP, Perl etc.; CLF logging; virtual directories; directory browsing; service installation; etc.


--[ Summary

It is possible to construct a web request which is capable of accessing the contents
of password protected files/folders on the BadBlue Web Server v1.7. This vulnerability
may only be exploited to access password-protected files in sub-folders of wwwroot.

http://host//secret/

- --[ Tested

Windows 2000 Sp3 / BadBlue Web Server v1.7
Windows 98 SE / BadBlue Web Server v1.7

- --[ Vulnerable

BadBlue Web Server v1.7

- --[ Disclaimer

http://www.securityoffice.net is not responsible for the misuse or illegal use of any
of the information and/or the software listed on this security advisory.

- --[ Author

Tamer Sahin
[email protected]
http://www.securityoffice.net

All our advisories can be viewed at http://www.securityoffice.net/articles/

Please send suggestions, updates, and comments to [email protected]

(c) 2002 SecurityOffice

This Security Advisory may be reproduced and distributed, provided that this Security
Advisory is not modified in any way and is attributed to SecurityOffice and provided
that such reproduction and distribution is performed for non-commercial purposes.

Tamer Sahin
http://www.securityoffice.net


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »