Penetration Testing
mailing list archives
Domino File Reading
From: marcus.chain () hushmail com
Date: Tue, 4 Dec 2001 03:04:15 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Morning all,
Looking at a Domino 5.0.8 on Win32 server atm, the ReplicaID of the web admin template file can be used and using the
buffer truncation +++++ trick, I can see the admin page and know that I am the "Anonymous" user. When I try to
request a file using
http://example.com/[ReplicaID]/OSTextFile_Body?ReadForm&Filename="c:\boot.ini"OSTextFile_Body?OpenNavigator I get a
little JavaScript "alert" pop-up box statement that "Rich Text item Body already exists". I get the same sort of
thing if I do the http://example.com/webadmin.ntf+++[etc etc]+++.nsf/OSTextFile_Body?ReadForm&c:\boot.ini trick as well.
Is this a fubar on my part, or are files ACL'd such that this user can't get to them? Can't seem to find any answer
on the net, so any pointers in the vague direction of an answer would be appreciated.
Ta muchly,
Marcus.
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com
wmEEARECACEFAjwMrTAaHG1hcmN1cy5jaGFpbkBodXNobWFpbC5jb20ACgkQVZBW5wkl
TLx0QwCgoJGomB/zs7Loxtkno4Y7aUjZLPAAn2sH0mJ85FIuiz4k+ADHyUPhtzaN
=5PMz
-----END PGP SIGNATURE-----
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
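
For anyone reviewing a Domino server's HTTP access log, the request shapes mentioned in the message above can be flagged with a few patterns. This is an added example, not part of the original post; the log format, the sample lines, the rule names and the 16-hex-digit ReplicaID pattern are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Request shapes named in the post; the rule names are this example's own.
RULES = {
    # run of '+' padding in front of a .nsf suffix
    "plus_padding": re.compile(r"\+{3,}[^/?]*\.nsf", re.I),
    # a design template (.ntf) addressed over HTTP
    "template_db": re.compile(r"\.ntf(?=[+/?.]|$)", re.I),
    # database addressed by ReplicaID (assumption: 16 hex digits)
    "replica_id_db": re.compile(r"^/[0-9a-f]{16}(?:\.nsf)?/", re.I),
    # the OSTextFile_Body?ReadForm request from the post
    "ostextfile_readform": re.compile(r"/OSTextFile_Body\?.*ReadForm", re.I),
}
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample lines in common log format (not from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Dec/2001:11:02:01 +0000] "GET /webadmin.ntf+++++.nsf/OSTextFile_Body?ReadForm&c:%5Cboot.ini HTTP/1.0" 200 512',
    '192.0.2.10 - - [04/Dec/2001:11:02:09 +0000] "GET /0123456789ABCDEF/OSTextFile_Body?ReadForm&Filename=%22c:%5Cboot.ini%22 HTTP/1.0" 200 498',
    '192.0.2.44 - - [04/Dec/2001:11:03:30 +0000] "GET /names.nsf/People?OpenView HTTP/1.0" 401 210',
    '192.0.2.44 - - [04/Dec/2001:11:03:41 +0000] "GET /help/search+tips.html HTTP/1.0" 200 1033',
    '192.0.2.10 - - [04/Dec/2001:11:04:02 +0000] "GET /webadmin.ntf%2B%2B%2B%2B%2B.nsf/?Open HTTP/1.0" 404 120',
]

def classify(line):
    """Return status, decoded target and matched rules, or None if clean."""
    m = REQUEST.search(line)
    if not m:
        return None
    # unquote() decodes %2B to '+' and leaves a literal '+' untouched
    target = unquote(m.group(1))
    hits = sorted(name for name, rx in RULES.items() if rx.search(target))
    if not hits:
        return None
    return {"status": int(m.group(2)), "target": target, "hits": hits}

def scan(lines):
    """Classify every line and keep only the flagged requests."""
    return [f for f in map(classify, lines) if f]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["status"], ",".join(f["hits"]), f["target"])
```

A flagged request that returned 200 to an unauthenticated client is the case worth checking against the ACLs on the template and the server's anonymous access settings.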