Hello gpedone77,

Saturday, October 19, 2002, 6:20:57 PM, you wrote:

g> I tried this with a site running domino 5.0.7 and it works for
g> log.ntf+++<>.nsf/ and for webadmin.nsf, but not for setupweb.nsf or for
g> names.nsf (at least apparently).

g> On Domino 5.0.9a looks like it does not work... it keeps on giving error 500
g> (or requesting auth, it depends on how long is the junk string)

As I responded to HalbaSus, this was fixed in R5.0.9, by the looks of it.

It doesn't work for names.nsf because the template that names.nsf uses is named pubnames.ntf, not names.ntf. The vulnerability is effectively just confusing the Domino server to return the .ntf equivalent of the .nsf file name - if the database name and the name of the template that created it vary, the database will not be vulnerable.

-- 
Best regards,
Philip mailto:philat_private
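A defender-side check for the request shape discussed in this thread, as an added example that is not part of the original post: it scans web server log lines for a path that puts a .ntf name and padding in front of .nsf, and separates requests that were answered with 200 from those that got an error. The Common Log Format, the sample log lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Path segment shaped like <name>.ntf<padding>.nsf, the form quoted in the thread.
NTF_NSF = re.compile(r"/([^/?\s]+?)\.ntf([^/?]*)\.nsf(?:[/?]|$)", re.IGNORECASE)
# Request path and status code from a Common Log Format line (assumed format).
CLF = re.compile(r'"(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3})')

# Constructed sample log lines, not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Oct/2002:18:01:02 +0200] "GET /log.ntf++++++++++.nsf/ HTTP/1.0" 200 5120',
    '192.0.2.10 - - [19/Oct/2002:18:01:09 +0200] "GET /names.ntf%2B%2B%2B%2B.nsf/ HTTP/1.0" 500 210',
    '192.0.2.44 - - [19/Oct/2002:18:02:30 +0200] "GET /names.nsf/People?OpenView HTTP/1.0" 200 8431',
    '192.0.2.10 - - [19/Oct/2002:18:03:00 +0200] "GET /webadmin.ntf++++.nsf HTTP/1.0" 500 312',
]


def scan(lines):
    """Return (template_name, padding_length, status) for each matching request."""
    hits = []
    for line in lines:
        req = CLF.search(line)
        if not req:
            continue
        # Decode %XX escapes so encoded padding is matched too; '+' is left as is.
        path = unquote(req.group(1))
        hit = NTF_NSF.search(path)
        if hit:
            template = hit.group(1).lower() + ".ntf"
            hits.append((template, len(hit.group(2)), int(req.group(2))))
    return hits


def served(hits):
    """Templates whose padded request was answered with 200 and needs follow-up."""
    return sorted({template for template, _pad, status in hits if status == 200})


if __name__ == "__main__":
    for template, pad, status in scan(SAMPLE_LOG):
        print(f"{template}: padding={pad} status={status}")
    print("answered with 200:", served(SAMPLE_LOG and scan(SAMPLE_LOG)))
```

A 500 or an authentication prompt on such a request matches the behaviour reported above for 5.0.9a; a 200 is the case worth investigating.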
This archive was generated by hypermail 2b30 : Mon Oct 21 2002 - 08:26:34 PDT