Working Resources 1.7.3 BadBlue - Null Byte File Disclosure

source: https://www.securityfocus.com/bid/5226/info

BadBlue is a P2P file sharing application distributed by Working Resources. It is available for Microsoft Windows operating systems.

It has been discovered that a request passed to a BadBlue server containing a null byte at the end of a file name will return the contents of the file. This type of request can be applied to gain access to sensitive information, such as the BadBlue configuration file. 

GET /ext.ini.% 00.txt HTTP/1.0