Badblue HTTP Server Exploit

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Badblue HTTP Server Exploit
From: Miguel Tarascó Acuña <tarako@xxxxxxxxx>
Date: Sun, 27 Feb 2005 23:45:08 +0100
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type; b=EhxdzpzPsceODp4thiTQmGHOeHjE/kTLAJMJEtPU/ti8rdhXfO5pBUtNXyvNLTSfuG8ED3AuSPSk4moGXcO4Y+FgUd1G9wHO62YQRyiv8phIZ7u5jusRcm2+evNve0npnkgtLdt+xcv1tqH+iq8IgB4d8Dhcp+8O3ppU6zC/q7Q=
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Reply-to: tarako_AT_gmail_DOT_com@xxxxxxxxxxxxxxxxx

Hi

Here is the Exploit to the new BadBlue Vuln


/* Badblue 2.55 Web Server remote buffer overflow
 * ( Version: BadBlue Personal Edition v2.55  Date: Dec. 9, 2004 )
 *
 * Tested under Windows 2000 Professional SP3/SP4 Spanish
 *              Windows 2000 Server SP4 Spanish
 *              Windows XP SP1 Spanish
 *
 * Credits:
 *  Andres Tarasco (atarasco _at_ sia.es) has discovered this vulnerability
 *  http://lists.netsys.com/pipermail/full-disclosure/2005-February/032029.html
 *
 * Exploit by  : Miguel Tarascó Acuña
 *               Tarako AT Haxorcitos.com
 * Exploit Date: 26/12/2004 
 */

Attachment: badblue.cpp
Description: Binary data

Prev by Date: Firefox Software Update
Next by Date: Re: 7a69Adv#22 - UNIX unzip keep setuid and setgid files
Previous by thread: Re: Firefox Software Update
Next by thread: [ Postnuke all versions + pnphpbb <=1.2 sql injection - jocanor ]
Index(es):
- Date
- Thread