Re: L0pht 'Domino' Vulnerability is alive and well
Ryan Thomas Tecco (rtecco UMICH.EDU)
Fri, 9 Jul 1999 12:06:51 -0400
Even more frightening, head to:
http://domino.siteatlas.com/domino/siteatlas.nsf?Open
for a rather complete listing of worldwide industries, ranging from telco
to hotels, who run Domino...
rt
On Thu, 8 Jul 1999 mtremblay BAHNSO.COM wrote:
> yep that's all true... yet I feel domino sites are quite secure for many other
> reasons...
> one of them being that domino is a very proprietary platform and that very few
> people know about common commands:
> url?open
> url?openform
> url?openpage
> url?opendatabase
>
> notes: www.lotus.com\?open would allow you to list all DBs on the server if not
> properly cfg... also note that mail files are almost always in a \mail dir which
> may be accessible by www.lotus.com\mail\?open, also note that mail files are
> almost always named by the mail username (which you can get by any other relevant
> means such as smtp "verfy let'ssaywebmaster") and of type .nsf (as are all other
> notes db files)... moreover (and finally this is my point!!!), there is no such
> thing as a "locked" account (am I right, if not, I know for sure that the
> "locked" feature is not enabled by default), so just have yourself a perl script
> that tries
>
> www.lotus.com\mail\webmaster.nsf?open
>
> with some brute force pcrack, and you're it!
>
> ps: this is fiction to a certain point, as I don't know the syntax of a url which
> would feed the passwd/usern to the above location
>
> flames and applause welcome!!! ;)
>
This archive was generated by hypermail 2.0b3 on Thu Jul 08 1999 - 20:32:58 CDT
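
The quoted message notes that, with no account lockout, repeated password guesses against a mail file URL are never stopped by the server, which leaves the web access log as the place to notice them. The following is an added example, not part of either post: it flags one client collecting many failed logins on a single /mail/*.nsf database within a short window. It assumes NCSA Common Log Format and that failed logins are logged as HTTP 401; the sample lines, addresses and the function name are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access log (assumed NCSA Common Log Format, not from the post).
SAMPLE_LOG = "\n".join(
    [f'192.0.2.10 - - [09/Jul/1999:12:00:{s:02d} -0400] '
     '"GET /mail/webmaster.nsf?open HTTP/1.0" 401 210' for s in range(0, 60, 10)]
    + ['198.51.100.7 - - [09/Jul/1999:12:01:00 -0400] '
       '"GET /mail/jdoe.nsf?open HTTP/1.0" 401 210',
       '198.51.100.7 - jdoe [09/Jul/1999:12:01:09 -0400] '
       '"GET /mail/jdoe.nsf?open HTTP/1.0" 200 5120',
       '192.0.2.10 - - [09/Jul/1999:12:02:00 -0400] '
       '"GET /help/help.nsf?open HTTP/1.0" 401 210'])

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?:GET|POST|HEAD) (?P<path>\S+)[^"]*" (?P<status>\d{3})')
# Mail databases as described in the post: /mail/<username>.nsf
MAIL_DB_RE = re.compile(r'^(/mail/[^/?]+\.nsf)(?:[/?]|$)', re.IGNORECASE)

def find_guessing(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {(client_ip, mail_db): n} where n >= threshold failed logins
    (HTTP 401) hit one mail database from one client inside `window`."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["status"] != "401":
            continue                      # unparsable line or not a failed login
        db = MAIL_DB_RE.match(m["path"])
        if not db:
            continue                      # not a mail file
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        failures[(m["ip"], db.group(1).lower())].append(ts)

    alerts = {}
    for key, stamps in failures.items():
        stamps.sort()
        start = best = 0
        for end, ts in enumerate(stamps):  # sliding window over sorted timestamps
            while ts - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts[key] = best
    return alerts

if __name__ == "__main__":
    for (ip, db), n in find_guessing(SAMPLE_LOG).items():
        print(f"{ip}: {n} failed logins on {db}")
```

A single mistyped password followed by a successful login, as in the constructed jdoe lines, stays below the threshold and is not reported.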