Hello HalbaSus,

Saturday, October 19, 2002, 1:16:48 PM, you wrote:

H> Hi, I am doing a test for a company also running Lotus Domino. I tried
H> names nsf yet it asks for an authentication. According to
H> http://packetstormsecurity.nl/0202-exploits/lotus.domino.bypass.txt
H> there is a way to bypass the authentication by sending a buffer. I did
H> a quick perl script that would brute force that buffer and I found
H> something quite interesting.

H> A URL like http://www.host.com/log.ntf++++x215+++++++.nsf would get me
H> the same page as www.host.com/log.nsf (any other buffer would result in
H> a server error). This gives me the feeling that the exploit does work,
H> and what I'm actually seeing is log.ntf (not log.nsf) but probably the 2
H> files are identical... or maybe I'm wrong... anyway, could you, or
H> somebody else concerned about lotus domino security give me a clue about
H> all this stuff.

I think you're referring to this vulnerability:

http://www-1.ibm.com/support/docview.wss?rs=1&org=sims&doc=0B0C94EBE9401D7B85256B5A006DECFC

(The URL will probably be wrapped by an MTA somewhere - sorry about that.)

This is cured in Domino R5.0.9, by the looks of it. Which version of
Domino are you using? Lotus would probably be interested to know if
there's a version after that which is still vulnerable.

-- 
Best regards,
 Philip                          mailto:philat_private
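
For administrators checking whether the request shape quoted above has reached their own Domino HTTP server, here is a log-review sketch. It is an added example, not part of the original thread or any Lotus tooling; it assumes Common Log Format access logs, the function names are hypothetical, and the sample lines are constructed.

```python
import re
from urllib.parse import unquote

# Request line and status inside a Common Log Format entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3})')

# A template name (.ntf), then '+' or space padding, then a trailing .nsf:
# the shape of the URL quoted in the thread.
PADDED_NTF_RE = re.compile(r'([^/?]+\.ntf)([+ ][^/?]*)\.nsf(?=$|[/?])', re.I)

def inspect_path(raw_path):
    """Return (template_name, padding_length) for a padded .ntf path, else None."""
    path = raw_path
    for _ in range(2):              # undo single and double percent-encoding
        decoded = unquote(path)     # unquote() keeps literal '+' characters
        if decoded == path:
            break
        path = decoded
    m = PADDED_NTF_RE.search(path)
    return (m.group(1).lower(), len(m.group(2))) if m else None

def scan(lines):
    """Return (client, template, padding_length, status) for each flagged line."""
    hits = []
    for line in lines:
        req = REQUEST_RE.search(line)
        if not req:
            continue
        found = inspect_path(req.group(1))
        if found:
            # Status is kept so server errors can be told apart from pages served.
            hits.append((line.split()[0], found[0], found[1], int(req.group(2))))
    return hits

# Constructed sample log lines (documentation addresses, invented timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Oct/2002:13:10:01 +0000] "GET /log.nsf HTTP/1.0" 401 312',
    '192.0.2.10 - - [19/Oct/2002:13:10:05 +0000] "GET /log.ntf'
    + '+' * 20 + '.nsf HTTP/1.0" 200 5120',
    '192.0.2.10 - - [19/Oct/2002:13:10:06 +0000] '
    '"GET /log.ntf%2B%2B%2B.nsf?OpenDatabase HTTP/1.0" 500 0',
    '192.0.2.44 - - [19/Oct/2002:13:11:00 +0000] "GET /help/readme.nsf HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for client, template, pad_len, status in scan(SAMPLE_LOG):
        print(f"{client} requested {template} with {pad_len} padding chars -> {status}")
```

A flagged request that returned 200 on a database normally protected by authentication is the case to follow up first, alongside confirming the server's Domino release.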