Working Resources 1.7.3 BadBlue - Null Byte File Disclosure
| EKU-ID: 27121 | CVE: CVE-2002-1021;OSVDB-8610 | OSVDB-ID: |
| Author: Matthew Murphy | Published: 2002-06-13 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 27121 | CVE: CVE-2002-1021;OSVDB-8610 | OSVDB-ID: |
| Author: Matthew Murphy | Published: 2002-06-13 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/5226/info BadBlue is a P2P file sharing application distributed by Working Resources. It is available for Microsoft Windows operating systems. It has been discovered that a request passed to a BadBlue server containing a null byte at the end of a file name will return the contents of the file. This type of request can be applied to gain access to sensitive information, such as the BadBlue configuration file. GET /ext.ini.% 00.txt HTTP/1.0