Bugtraq mailing list archives

Re: Lotus Domino 5.0.5 Web Server vulnerability - reading files outside the web root

From: Stephen Forinash <Stephen.Forinash () VERIPRISE COM>
Date: Mon, 8 Jan 2001 16:27:22 -0500

The reason half of the people attempting to verify this came up with file
not found is most likely the fact that they were trying to download
something from the %systemroot%, given this example.  If Domino was
installed on a different drive than your OS, these particular files are not
available thanks to this security hole.  The only (ha, only!) things
available are items installed on the same drive as your Domino
installation.

I've verified this vulnerability with Domino 5.0.5 and 5.0.6 on WinNT
4.0sp6.

Basically, the beginning part of the URL
"http://my.dominoserver.com/.nsf/../"; puts you in the root of the drive
your Domino was installed on.  Try getting something that's most likely
there like "http://my.dominoserver.com/.nsf/../lotus/domino/notes.ini"; (Or
if you're really looking to have fun, start grabbing your IDs if they're
still residing on the same drive as your install!).

Stephen
--
Stephen Forinash
Systems Engineer
Veriprise Wireless Corporation
stephen.forinash () veriprise com

Current thread:

Lotus Domino 5.0.5 Web Server vulnerability - reading files outside the web root Georgi Guninski (Jan 05)
- WORKAROUND: Lotus Domino 5.0.5 Web Server vulnerability Leonardo Rodrigues (Jan 09)
- <Possible follow-ups>
- Re: Lotus Domino 5.0.5 Web Server vulnerability - reading files outside the web root Ben Greenbaum (Jan 08)
  - Re: Lotus Domino 5.0.5 Web Server vulnerability - reading filesoutside the web root Georgi Guninski (Jan 08)
  - Re: Lotus Domino 5.0.5 Web Server vulnerability - reading files outside the web root Hendrik-Jan Verheij (Jan 09)
- Re: Lotus Domino 5.0.5 Web Server vulnerability - reading files outside the web root Stephen Forinash (Jan 08)