RE: [PHP] Fwd: BadBlue v1.02 beta for Windows 98, ME and 2000 .php Source Code Disclosure Vulnerability

2001-08-22 Thread Kurth Bemis

At 12:10 PM 8/22/2001, Tom Malone wrote:

read the advisory - everything is explained.

~kurth

>This is not an issue if your site is using Apache, correct?
>
>Tom Malone
>Web Designer
>http://www.tom-malone.com
>
>-----Original Message-----
>From: Kurth Bemis [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, August 22, 2001 11:13 AM
>To: [EMAIL PROTECTED]
>Subject: [PHP] Fwd: BadBlue v1.02 beta for Windows 98, ME and 2000 .php
>Source Code Disclosure Vulnerability
>
>
>Thought this may be of interest to somebody.
>
>~kurth
>
>
> >From: "acz [iSecureLabs]" <[EMAIL PROTECTED]>
> >To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
> >Cc: <[EMAIL PROTECTED]>
> >Subject: BadBlue v1.02 beta for Windows 98, ME and 2000  .php Source Code
> >Disclosure Vulnerability
> >Date: Wed, 22 Aug 2001 11:11:28 +0200
> >X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
> >Importance: Normal
> >
> >-- [ iSecureLabs BadBlue v1.02 beta for Windows 98, ME and 2000
> >Advisory ] --
> >
> >BadBlue v1.02 beta for Windows 98, ME and 2000 .php Source Code Disclosure
> >Vulnerability
> >Problem discovered: 22/08/2001
> >
> >-- [ Overview ] --
> >
> >BadBlue http://badblue.com/ is a tiny, free download that lets you share
> >files, search other PCs and even run powerful web applications.
> >BadBlue supports the .php extension.
> >It is possible to retrieve full .php source code.
> >
> >-- [ Description ] --
> >
> >BadBlue contains an input validation vulnerability which may allow the
> >full source code of .php pages to be downloaded.
> >This is due to a lack of checks for NULL bytes.
> >
> >Example:
> >http://myBadBlue.com/test.php%00
> >
> >Note: It is also possible to download a .dll file used by BadBlue.
> >
> >Example:
> >http://myBadBlue.com/ext.dll%00
> >
> >-- [ Tested Version ] --
> >
> >BadBlue v1.02 beta for Windows 98, ME and 2000
> >
> >-- [ Discovered by ] --
> >
> >Cabezon Aurelien | [EMAIL PROTECTED]
> >http://www.iSecureLabs.com | French Security portal
> >http://www.isecurelabs.com/advisory/badblue.html
>
>
>--
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>To contact the list administrators, e-mail: [EMAIL PROTECTED]
>




RE: [PHP] Fwd: BadBlue v1.02 beta for Windows 98, ME and 2000 .php Source Code Disclosure Vulnerability

2001-08-22 Thread Tom Malone

This is not an issue if your site is using Apache, correct?

Tom Malone
Web Designer
http://www.tom-malone.com 

-----Original Message-----
From: Kurth Bemis [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 22, 2001 11:13 AM
To: [EMAIL PROTECTED]
Subject: [PHP] Fwd: BadBlue v1.02 beta for Windows 98, ME and 2000 .php
Source Code Disclosure Vulnerability


Thought this may be of interest to somebody.

~kurth


>From: "acz [iSecureLabs]" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
>Cc: <[EMAIL PROTECTED]>
>Subject: BadBlue v1.02 beta for Windows 98, ME and 2000  .php Source Code 
>Disclosure Vulnerability
>Date: Wed, 22 Aug 2001 11:11:28 +0200
>X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
>Importance: Normal
>
>-- [ iSecureLabs BadBlue v1.02 beta for Windows 98, ME and 2000
>Advisory ] --
>
>BadBlue v1.02 beta for Windows 98, ME and 2000 .php Source Code Disclosure
>Vulnerability
>Problem discovered: 22/08/2001
>
>-- [ Overview ] --
>
>BadBlue http://badblue.com/ is a tiny, free download that lets you share
>files, search other PCs and even run powerful web applications.
>BadBlue supports the .php extension.
>It is possible to retrieve full .php source code.
>
>-- [ Description ] --
>
>BadBlue contains an input validation vulnerability which may allow the
>full source code of .php pages to be downloaded.
>This is due to a lack of checks for NULL bytes.
>
>Example:
>http://myBadBlue.com/test.php%00
>
>Note: It is also possible to download a .dll file used by BadBlue.
>
>Example:
>http://myBadBlue.com/ext.dll%00
>
>-- [ Tested Version ] --
>
>BadBlue v1.02 beta for Windows 98, ME and 2000
>
>-- [ Discovered by ] --
>
>Cabezon Aurelien | [EMAIL PROTECTED]
>http://www.iSecureLabs.com | French Security portal
>http://www.isecurelabs.com/advisory/badblue.html
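
Added example (not part of the thread, the advisory, or BadBlue's code): a C sketch of the missing NULL-byte check the advisory names, placed in front of extension-based handler selection. It assumes a server that chooses the .php handler from the decoded request path and later opens the file through a NUL-terminated string API; all function names here are hypothetical.

```c
#include <string.h>

enum route { ROUTE_REJECT, ROUTE_STATIC, ROUTE_SCRIPT };

static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Percent-decode `in`; returns the decoded length (embedded NUL bytes
 * included) or -1 on a malformed escape or a full buffer. */
long url_decode(const char *in, char *out, size_t cap) {
    size_t n = 0;
    for (; *in; in++) {
        int c = (unsigned char)*in;
        if (c == '%') {
            int hi = hexval(in[1]);
            int lo = hi < 0 ? -1 : hexval(in[2]);
            if (lo < 0) return -1;
            c = hi * 16 + lo;
            in += 2;
        }
        if (n + 1 >= cap) return -1;
        out[n++] = (char)c;
    }
    out[n] = '\0';
    return (long)n;
}

static int has_ext(const char *p, size_t len, const char *ext) {
    size_t e = strlen(ext);
    return len >= e && memcmp(p + len - e, ext, e) == 0;
}

/* reject_nul=0 is the assumed flawed pattern: the handler is chosen from all
 * decoded bytes, but a C-string file open would stop at the first NUL. */
static enum route classify(const char *raw, int reject_nul) {
    char path[256];
    long len = url_decode(raw, path, sizeof path);
    if (len < 0) return ROUTE_REJECT;
    if (reject_nul && memchr(path, '\0', (size_t)len)) return ROUTE_REJECT;
    return has_ext(path, (size_t)len, ".php") ? ROUTE_SCRIPT : ROUTE_STATIC;
}
enum route route_naive(const char *raw)   { return classify(raw, 0); }
enum route route_checked(const char *raw) { return classify(raw, 1); }

int main(void) { return route_checked("/test.php%00") == ROUTE_REJECT ? 0 : 1; }
```

With the check off, the advisory's example path is classified as a static file because its last decoded bytes are "php" plus NUL rather than ".php"; with the check on, the request is refused before any handler is chosen.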

