header-logo
Suggest Exploit
vendor:
BadBlue
by:
SecurityFocus
8.3
CVSS
HIGH
Null Byte Injection
20
CWE
Product Name: BadBlue
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: a:working_resources:badblue
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

Null Byte Injection

BadBlue is a P2P file sharing application distributed by Working Resources. It is available for Microsoft Windows operating systems. It has been discovered that a request passed to a BadBlue server containing a null byte at the end of a file name will return the contents of the file. This type of request can be applied to gain access to sensitive information, such as the BadBlue configuration file.

Mitigation:

Upgrade to the latest version of BadBlue.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5226/info

BadBlue is a P2P file sharing application distributed by Working Resources. It is available for Microsoft Windows operating systems.

It has been discovered that a request passed to a BadBlue server containing a null byte at the end of a file name will return the contents of the file. This type of request can be applied to gain access to sensitive information, such as the BadBlue configuration file. 

GET /ext.ini.% 00.txt HTTP/1.0

Navigation

Suggest Exploit

Services By CQR