yep that's all true... yet I feel domino sites are quite secure for many other reasons... one of them being that domino is a very proprietary platform and that very few people know about common commands:

url?open
url?openform
url?openpage
url?opendatabase

notes: www.lotus.com\?open would allow you to list all DBs on the server if not properly cfg... also note that mail files are almost always in a \mail dir which may be accessible by www.lotus.com\mail\?open, also note that mail files are almost always named by the mail username (which you can get by any other relevant means such as smtp "verfy let'ssaywebmaster") and of type .nsf (as are all other notes db files)...

moreover (and finally this is my point!!!), there is no such thing as a "locked" account (am I right? if not, I know for sure that the "locked" feature is not enabled by default), so just have yourself a perl script that tries www.lotus.com\mail\webmaster.nsf?open with some brute force pcrack, and you're it!

ps: this is fiction to a certain point, as I don't know the syntax of a url which would feed the passwd/usern to the above location

flames and applause welcome!!! ;)
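For defenders, the two behaviours described in the post (database listings served for `?open`, and repeated password guesses against one mail file with no lockout) both leave traces in the web server's access log. The following is an added example, not part of the original post: it assumes Common Log Format and basic authentication where a failed login returns 401, and the sample log lines are constructed.

```python
import re
from collections import Counter

# Assumption: access log is in Common Log Format; adjust LINE for other formats.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# A mail database under /mail/, e.g. /mail/webmaster.nsf?open
MAIL_DB = re.compile(r'^/mail/(?P<db>[^/?]+\.nsf)(?:[/?]|$)', re.I)
# Listing requests named in the post: /?open and /mail/?open
LISTING = re.compile(r'^/(?:mail/)?\?open$', re.I)

def analyse(lines, threshold=5):
    """Return (brute_force, listings).

    brute_force: {(ip, db): failures} for pairs with >= threshold 401 responses
    listings:    [(ip, url)] for listing requests that were answered with 200
    """
    failures = Counter()
    listings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # ignore lines that do not parse
        url = m["url"].replace("\\", "/")  # treat \ and / alike
        status = int(m["status"])
        mail = MAIL_DB.match(url)
        if mail and status == 401:
            failures[(m["ip"], mail["db"].lower())] += 1
        elif LISTING.match(url) and status == 200:
            listings.append((m["ip"], url))
    brute_force = {k: n for k, n in failures.items() if n >= threshold}
    return brute_force, listings

# Constructed sample log (documentation IP ranges, hypothetical user names).
TS = "[13/Apr/2001:14:00:00 -0700]"
SAMPLE = [
    f'198.51.100.7 - - {TS} "GET /?open HTTP/1.0" 200 512',
    f'198.51.100.7 - - {TS} "GET /mail/?open HTTP/1.0" 200 734',
    *[f'198.51.100.7 - - {TS} "GET /mail/webmaster.nsf?open HTTP/1.0" 401 210'] * 6,
    f'192.0.2.10 - - {TS} "GET /mail/jdoe.nsf?open HTTP/1.0" 401 210',
    f'192.0.2.10 - jdoe {TS} "GET /mail/jdoe.nsf?open HTTP/1.0" 200 4096',
]

if __name__ == "__main__":
    brute_force, listings = analyse(SAMPLE)
    print("possible password guessing:", brute_force)
    print("listings served to clients:", listings)
```

A listing that returns 200 to an unauthenticated client points to the misconfiguration the post mentions, and the failure counts show where a lockout or rate limit would have triggered.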
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:51:51 PDT