Penetration Testing mailing list archives
RE: Vulnerability discovered on Lotus Domino server "admin4.nsf"
From: "Enrique A. Sanchez Montellano" <enrique.sanchez () hypersec co uk>
Date: Tue, 7 Mar 2006 13:55:36 -0600
Just go ahead and execute comands via the interface that should work perfectly 8depends on the versiĆ³n of your lotus is the way is going to show, you could also hijack other connections to servers or worse. I would suggest you add up an account so client know you are there, you don't want any lawsuits because of freaky admins do you? Make shure the account has admin access =) Should work ok, the best manual is the lotus manual, I have them in print but you can check them out electronically im shure ... Enrique A. Sanchez Montellano Security Consultant -----Mensaje original----- De: 3 shool [mailto:3shool () gmail com] Enviado el: Lunes, 06 de Marzo de 2006 02:45 p.m. Para: pen-test () securityfocus com Asunto: Vulnerability discovered on Lotus Domino server "admin4.nsf" Hi, I'm doing an external blackbox PT on a mail server running Lotus Domino. The server OS is Windows 2000 and web server is Lotus Domino. It has following ports open: 80 - Lotus Domino httpd 443 - Lotus Domino httpd 1352 - Lotus Domino server 5631 - PCAnywhere During a manual assessment I discovered "admin4.nsf" on server, accessible without any sort of authentication. It is suppose to be the Administrator Request Database. From the name I suppose this should be something that shouldn't be visible to everyone. I don't have any experience in Lotus Domino. I read a couple of docs on Internet but couldn't get the real implication of such a vulnerability. I'm a little hesitant to perform any actions with the interface as it might disrupt some activities on the server and client might not like it. Is there anybody on the list who could guide me on the implication of this vulnerability and how to get a proper sense of it. What are the functionalities of 'admin4.nsf' and what damage could it do if an un-authenticated user has access to it. Looking forward to some enlightenment on this topic. Now I'm going to downlaod a Lotus client and see what I can do with the other open port "1352", looks like another hole from where I can find my way in. Thank you. ---------------------------------------------------------------------------- -- This List Sponsored by: Cenzic Concerned about Web Application Security? As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com ---------------------------------------------------------------------------- -- ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com ------------------------------------------------------------------------------
Current thread:
- Vulnerability discovered on Lotus Domino server "admin4.nsf" 3 shool (Mar 07)
- RE: Vulnerability discovered on Lotus Domino server "admin4.nsf" Enrique A. Sanchez Montellano (Mar 07)
- Message not available
- Re: Vulnerability discovered on Lotus Domino server "admin4.nsf" 3 shool (Mar 07)
- RE: Vulnerability discovered on Lotus Domino server "admin4.nsf" Enrique A. Sanchez Montellano (Mar 07)
- Re: Vulnerability discovered on Lotus Domino server "admin4.nsf" 3 shool (Mar 07)
- Re: Vulnerability discovered on Lotus Domino server "admin4.nsf" Alex Kloss (Mar 07)
- <Possible follow-ups>
- Re: Vulnerability discovered on Lotus Domino server "admin4.nsf" jalvare7 (Mar 08)
- Re: Vulnerability discovered on Lotus Domino server "admin4.nsf" jalvare7 (Mar 08)
- Re: Vulnerability discovered on Lotus Domino server "admin4.nsf" jalvare7 (Mar 08)
- Re: Vulnerability discovered on Lotus Domino server "admin4.nsf" 3 shool (Mar 09)
- Re: Re: Vulnerability discovered on Lotus Domino server "admin4.nsf" ron (Mar 28)