Bugtraq mailing list archives
BadBlue Web Server Ext.dll Vulnerabilities
From: SNS Research <vuln-dev () greyhack com>
Date: Sat, 17 Feb 2001 10:18:12 +0100
Strumpf Noir Society Advisories ! Public release ! <--# -= BadBlue Web Server Ext.dll Vulnerabilities =- Release date: Saturday, February 17, 2001 Introduction: BadBlue is a (MS Windows-based) web server intended for a wide range of applications, from providing file sharing possibilities to an application development and deployment environment. It includes full-featured support of tools like CGI, ISAPI and PHP. BadBlue can be found on at vendor Working Resources Inc.'s website: http://www.badblue.com Problem: The BadBlue web server serves files through a library called ext.dll. A typical request to the server would be build up through a request to this file together with a string containing the actual command data like so: http://127.0.0.1/ext.dll?mfcisapicommand=loadpage&page=default.hts Some ways have been found to manipulate the server by playing with this string. By omitting the data following ext.dll in above mentioned request, the server will return an error which discloses information regarding the path where it is running on the machine. What's more, by substituting this data for a string of 284 bytes or more, the BadBlue web server will die. Directory disclosure example: http://server/ext.dll will result in: [Error: opening c:\program files\badblue\pe\default.htx (2)] Denial-of-service example: http://server/ext.dll?aaaaa(x 248 bytes) will cause the server to die. (..) Solution: Working Resources Inc. has made BadBlue version 1.02.8 availble from its website, which adresses these problems. This was tested against BadBlue 1.02.07 Personal Edition. After contacting the vendor it is our understanding that the other members of the BadBlue product suite are based on the same code base and are vulnerable as well. Users are encouraged to upgrade. yadayadayada Free sk8! (http://www.freesk8.org) SNS Research is rfpolicy (http://www.wiretrip.net/rfp/policy.html) compliant, all information is provided on AS IS basis. EOF, but Strumpf Noir Society will return!
Current thread:
- BadBlue Web Server Ext.dll Vulnerabilities SNS Research (Feb 19)