Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Lotus Domino 5.0.5 Web Server vulnerability - reading files outside the web root
From: Stephen Forinash <Stephen.Forinash () VERIPRISE COM>
Date: Mon, 8 Jan 2001 16:27:22 -0500

The reason half of the people attempting to verify this came up with file
not found is most likely the fact that they were trying to download
something from the %systemroot%, given this example.  If Domino was
installed on a different drive than your OS, these particular files are not
available thanks to this security hole.  The only (ha, only!) things
available are items installed on the same drive as your Domino
installation.

I've verified this vulnerability with Domino 5.0.5 and 5.0.6 on WinNT
4.0sp6.

Basically, the beginning part of the URL
"http://my.dominoserver.com/.nsf/../"; puts you in the root of the drive
your Domino was installed on.  Try getting something that's most likely
there like "http://my.dominoserver.com/.nsf/../lotus/domino/notes.ini"; (Or
if you're really looking to have fun, start grabbing your IDs if they're
still residing on the same drive as your install!).

Stephen
--
Stephen Forinash
Systems Engineer
Veriprise Wireless Corporation
stephen.forinash () veriprise com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]