Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Domino testing
From: "Daniele Bellucci" <daniele.bellucci () gmail com>
Date: Mon, 23 Jul 2007 19:50:04 +0200

Hi Plasmoid!
During a pentest i've found very usefull this paper:


Did you have take a look?

On 7/20/07, A Plasmoid <skinodo () gmail com> wrote:
I'm new to Domino testing, and have found a few interesting databases.
 I am wondering if there is anything that could be done with
them.Specifically,  there are:

/sample/pagesw46.nsf (several others in sample)
/help/help5_designer.nsf (several others in help)

The ?EditDocument functionality is locked down with "basic
authentication" but I can view them.There is not a lot of info (that I
have found) regarding domino, so I'm hoping that some kind person here
can tell me whether these things can be leveraged into a deeper level
of access or not.

All of the other "important" databases like names.nsf, webadmin.nsf,
and others are also protected with basic auth.

Thanks for any hints, clues, and even "Google is your friend" stuff
(as long as there is a corresponding reasonable search parameter ) :)

This List Sponsored by: Cenzic

Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer


This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]