Re: L0pht 'Domino' Vulnerability is alive and well

[rtecco () UMICH EDU (Ryan Thomas Tecco)]

Even more frightening, head to:

http://domino.siteatlas.com/domino/siteatlas.nsf?Open

for a rather complete listing of worldwide industries, ranging from telco
to hotels, who run Domino...

rt

On Thu, 8 Jul 1999 mtremblay () BAHNSO COM wrote:

> yep that's all true... yet I feel domino sites are quite secure for many other
> reasons...
> one of them being that domino is a very proprietary platform and that very few
> people know about common commands:
> url?open
> url?openform
> url?openpage
> url?opendatabase
>
> notes: www.lotus.com\?open would allow you to list all DBs on the server if not
> properly cfg... also note that mail files are almost always in a \mail dir wich
> may be accessible by www.lotus.com\mail\?open, also note that mail files are
> almost always named by the mail username (wich you can get by any other relevant
> mean such as smtp "verfy let'ssaywebmaster") and of type .nsf (as are all other
> notes db files)... moreover (and finaly this is my point!!!), there is no such
> thing as a "locked" account (am i right, if not, i know for sure that the
> "locked" feature is not enable by default), so just have yourself a perl script
> that try
>
> www.lotus.com\mail\webmaster.nsf?open
>
> with some brute force pcrack, and you're it!
>
> ps: this is fiction to a certain point, as I dont know the syntax of a url wich
> would feed the passwd/usern to the above location
>
> flames and applause welcome!!! ;)