<<<mass snippage>>> >Here's the interesting bit: Modify the URL by removing the *.html file. Now >you can browse the directory structure of the web server. Go to the >/com/novell/webaccess directory and what do we find? The webacc.cfg file. >The file actually contains the version of the server, Novell paths, etc. >No passwords are contained here. The actual gateway password is stored >encrypted in the commgr.cfg file (which is stored in a location separate >from the actual web pages/servlets). <<<end mass snippage>>> This must be with Novell's Web Server? There is no "com" folder anywhere on my GroupWise 5.5 SP2 box with Netscape Enterprise Server. Novell's Web Server is not certified y2k compliant, and is not supported by Novell. I can't believe anyone is still using it... I have not found any way to read non-HTML files with the HELP vulnerability mentioned earlier (with my setup). I can, however, read any .htm or .html file within the Web root (default: sys:\novonyx\suitespot\) I too, experienced an "abend" with the ...HELP=very_long_string, but every service on the server continued to run normally. (each of the six times I tried it) Brian
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:22:47 PDT