Home page logo
/

pen-test logo Penetration Testing mailing list archives

Domino testing
From: "A Plasmoid" <skinodo () gmail com>
Date: Fri, 20 Jul 2007 16:22:03 -0400

I'm new to Domino testing, and have found a few interesting databases.
I am wondering if there is anything that could be done with
them.Specifically,  there are:

cldbdir.nsf
dba4.nsf
qstart.nsf
/sample/faqw46.nsf
/sample/pagesw46.nsf (several others in sample)
/help/help5_designer.nsf (several others in help)

The ?EditDocument functionality is locked down with "basic
authentication" but I can view them.There is not a lot of info (that I
have found) regarding domino, so I'm hoping that some kind person here
can tell me whether these things can be leveraged into a deeper level
of access or not.

All of the other "important" databases like names.nsf, webadmin.nsf,
and others are also protected with basic auth.

Thanks for any hints, clues, and even "Google is your friend" stuff
(as long as there is a corresponding reasonable search parameter ) :)

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer

http://www.cenzic.com/c/wf-spi
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]