Bugtraq mailing list archives
Re: Groupewise Web Interface
From: eckma009 () UMN EDU (Brian)
Date: Tue, 21 Dec 1999 16:22:20 -0600
<<<mass snippage>>>
Here's the interesting bit: Modify the URL by removing the *.html file. Now you can browse the directory structure of the web server. Go to the /com/novell/webaccess directory and what do we find? The webacc.cfg file. The file actually contains the version of the server, Novell paths, etc. No passwords are contained here. The actual gateway password is stored encrypted in the commgr.cfg file (which is stored in a location separate from the actual web pages/servlets).
<<<end mass snippage>>> This must be with Novell's Web Server? There is no "com" folder anywhere on my GroupWise 5.5 SP2 box with Netscape Enterprise Server. Novell's Web Server is not certified y2k compliant, and is not supported by Novell. I can't believe anyone is still using it... I have not found any way to read non-HTML files with the HELP vulnerability mentioned earlier (with my setup). I can, however, read any .htm or .html file within the Web root (default: sys:\novonyx\suitespot\) I too, experienced an "abend" with the ...HELP=very_long_string, but every service on the server continued to run normally. (each of the six times I tried it) Brian
Current thread:
- Re: Groupewise Web Interface Tim Adams (Dec 21)
- Re: Groupewise Web Interface Bayard G. Bell (Dec 21)
- <Possible follow-ups>
- Re: Groupewise Web Interface Brian (Dec 21)
- Re: Groupewise Web Interface Sacha Faust Bourque (Dec 21)
- Re: Groupewise Web Interface Randy Mclean (Dec 22)
- Re: Groupewise Web Interface Richard Beels (Dec 23)
- Re: Groupewise Web Interface Randy Mclean (Dec 22)
- Re: Groupewise Web Interface Brian (Dec 21)
- Re: GroupeWise Web Interface Richard Sather (Dec 21)
- Re: Groupewise Web Interface Roy Sigurd Karlsbakk (Dec 23)