Search | WebPortal | Contact Us
Recent News
Languages


Search
You can use the form below to search our site. Just enter the keywords to search.











BadBlue Web Server Denial of Service Vulnerability
August, 20 2004


Description:
Share photos, videos, music, and business files with friends and colleagues instantly. Tired of paying a service to share your files (and the hassle of sending your files to their site) BadBlue shares files directly from your own PC, using the cable /DSL/broadband/dialup connection you already paid for! BadBlue lets you run a no-hassle Web site on your own PC for free, including a domain name you can choose. Within seconds, you can transform your PC into a friendly, file-sharing Web server with all the power of a real server on the Internet. Remote users can search for files, explore your shared folders, and run full-blown applications created in HTML, PHP, Perl, and so on.

Denial Of Service Vulnerability:
BadBlue Webserver cannot handle multiple connections from the same host, and will deny all acess to any users at right around twenty four simultaneous connections. I have included a proof of concept that floods the target server with a number of connections, and then basically keeps those connections up for as long as you specify, thus blocking all other traffic to the affected server.

Proof of Concept:
BadBlue Webserver Denial of Service POC Code

Solution:
The development team has been contacted and said they will be looking into this issue shortly. Users are advised to upgrade as soon as possible.

Credits:
James Bercegay of the GulfTech Security Research Team.





Copyright 2004 GulfTech Research And Development, All Rights Reserved