SecuriTeam - BadBlue XSS/Information Disclosure Vulnerabilities

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Ask the Team
Mailing Lists
Advertising Info
Advisories
About SecuriTeam
Blogs

Brought to you by:

Suppliers of:

SecuriTeam in Your Inbox

New vulnerability?
New tool?
Tell us
(Our PGP key).

CanSecWest 2012

2nd Annual Cyber Security

Hack In Paris

BadBlue is a P2P/Web server offered for Microsoft Windows operating systems by Working Resources. It has a bad security record -- file disclosure, remote administration, denials of service, buffer overflows, directory traversals, and more cross-site scripting flaws than Matthew Murphy cares to count. We can add information disclosure to that list, and add a new XSS hole to the count.

Credit:
The information has been provided by Matthew Murphy.

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Protect your website!
Use an External Vulnerability Scanner!
Nothing to install. First report in 1 hour!
www.beyondsecurity.com/vulnerability-scanner

soinfo.php - Massive Information Leak
If running with PHP enabled, the BadBlue server's default soinfo.php script can be made to cough up substantial amounts of information, including ODBC passwords:

-- soinfo.php --
<?php
phpinfo();
?>
-- soinfo.php --

Yielding this data to an attacker, in combination with access to the database allows for a compromise of the database.

Cross-Site Scripting in ext.dll Search Page -- Again
Matthew has discovered another flaw in BadBlue's search engine allowing for cross-site scripting:

');alert(document.cookie);//
')" style="left:expression(eval('alert(document.cookie)'))">

Either of these two queries will execute the alert(document.cookie) command.

blog comments powered by Disqus

	Novell Zenworks Software Packaging LaunchHelp.dll Code Execution Vulnerability
	Novell ZENWorks Software Packaging Antique ActiveX Control Code Execution Vulnerability
	Microsoft Internet Explorer swapNode Handling Code Execution Vulnerability
	Microsoft Internet Explorer Select Element Insufficient Type Checking Code Execution Vulnerability
	Internet Explorer Select Element Cache Code Execution Vulnerability
	Microsoft Office Graph DataFormat Signed Index Code Execution Vulnerability
	Microsoft Office Excel Conditional Expression Ptg Type Confusion Vulnerability
	Microsoft Internet Explorer Protected Mode Bypass Vulnerability
	Microsoft Internet Explorer 9 STYLE Object Parsing Code Execution Vulnerability
	Microsoft Internet Explorer XSLT SetViewSlave Code Execution Vulnerability
	CA Total Defense Suite Gateway Security Malformed HTTP Packet Code Execution Vulnerability
	HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Code Execution Vulnerability
	TrendMicro Control Manager CASProcessor.exe BLOB Code Execution Vulnerability
	Symantec Veritas Storage Foundation vxsvc.exe Unicode Code Execution Vulnerability
	HP iNode Management Center iNodeMngChecker.exe Code Execution Vulnerability