Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: L0pht 'Domino' Vulnerability is alive and well
From: mtremblay () BAHNSO COM (mtremblay () BAHNSO COM)
Date: Thu, 8 Jul 1999 19:37:45 GMT


yep that's all true... yet I feel domino sites are quite secure for many other
reasons...
one of them being that domino is a very proprietary platform and that very few
people know about common commands:
url?open
url?openform
url?openpage
url?opendatabase

notes: www.lotus.com\?open would allow you to list all DBs on the server if not
properly cfg... also note that mail files are almost always in a \mail dir wich
may be accessible by www.lotus.com\mail\?open, also note that mail files are
almost always named by the mail username (wich you can get by any other relevant
mean such as smtp "verfy let'ssaywebmaster") and of type .nsf (as are all other
notes db files)... moreover (and finaly this is my point!!!), there is no such
thing as a "locked" account (am i right, if not, i know for sure that the
"locked" feature is not enable by default), so just have yourself a perl script
that try

www.lotus.com\mail\webmaster.nsf?open

with some brute force pcrack, and you're it!

ps: this is fiction to a certain point, as I dont know the syntax of a url wich
would feed the passwd/usern to the above location

flames and applause welcome!!! ;)


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault