As I see it, you do not bypass any ACL or password verification. You only gain access to the templates - providing the acl allows anonymous access. The same thing can be achieved by referencing the template by its replica-id (http://www.securityfocus.com/bid/3491) The whole issue is the way Domino maps the file extension to a physical path. Furthermore the use of buffer truncation to access templates, have already been pointed out by NGSSoftware (http://www.nextgenss.com/papers/hpldws.pdf, page 10). Since templates (usually) only contains design elements and no data, they are (usually) of limited interest. However, there might be some interesting functionality (webadmin.ntf) or information in the template. But you're still only running as anonymous, and that will most likely prevent you from doing any of the 'juicy' stuff. Jens H. Christensen -----Original Message----- From: Gabriel A. Maggiotti [mailto:gmaggiotat_private] Sent: 4. februar 2002 05:00 To: vuln-devat_private; bugtraqat_private Subject: Lotus Domino password bypass
This archive was generated by hypermail 2b30 : Mon Feb 04 2002 - 10:00:29 PST