> Hi, I am doing a test for a company also running Lotus Domino. I tried > names nsf yet it asks for an authentification. According to > http://packetstormsecurity.nl/0202-exploits/lotus.domino.bypass.txt > there is a way to bypass the authentification by sending a buffer. I did > a quick perl script that would brute force that buffer and I found > something quite interesting. > An url like http://www.host.com/log.ntf++++x215+++++++.nsf would get me > the same page as www.host.com/log.nsf (any other buffer would result in > a server error) This gives me the feeling that the exploit does work, > and what I'm actually seeing is log.ntf (not log.nsf) but probably the 2 > files are identical... or maybe I'm wrong... anyway, could you, or > somebody else concernet about lotus domino security give me a clue about > all this stuff. I tried this with a site running domino 5.0.7 and it works for log.ntf+++<>.nsf/ and for webadmin.nsf, but not for setupweb.nsf or for names.nsf (at least apparently). On Domino 5.0.9a looks like it does not work... it keeps on giving error 500 (or requesting auth, it depends on how long is the junk string) ______________________________________________________________________ Scarica il nuovo Yahoo! Messenger: con webcam, nuove faccine e tante altre novità. http://it.yahoo.com/mail_it/foot/?http://it.messenger.yahoo.com/
This archive was generated by hypermail 2b30 : Sun Oct 20 2002 - 10:01:45 PDT