Even more frightening, head to: http://domino.siteatlas.com/domino/siteatlas.nsf?Open for a rather complete listing of worldwide industries, ranging from telco to hotels, who run Domino... rt On Thu, 8 Jul 1999 mtremblayat_private wrote: > yep that's all true... yet I feel domino sites are quite secure for many other > reasons... > one of them being that domino is a very proprietary platform and that very few > people know about common commands: > url?open > url?openform > url?openpage > url?opendatabase > > notes: www.lotus.com\?open would allow you to list all DBs on the server if not > properly cfg... also note that mail files are almost always in a \mail dir wich > may be accessible by www.lotus.com\mail\?open, also note that mail files are > almost always named by the mail username (wich you can get by any other relevant > mean such as smtp "verfy let'ssaywebmaster") and of type .nsf (as are all other > notes db files)... moreover (and finaly this is my point!!!), there is no such > thing as a "locked" account (am i right, if not, i know for sure that the > "locked" feature is not enable by default), so just have yourself a perl script > that try > > www.lotus.com\mail\webmaster.nsf?open > > with some brute force pcrack, and you're it! > > ps: this is fiction to a certain point, as I dont know the syntax of a url wich > would feed the passwd/usern to the above location > > flames and applause welcome!!! ;) >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:51:53 PDT