Vulnerability Development mailing list archives
Re: Antwort: Lotus Domino url bypass
From: "CT" <ct () arnet com ar>
Date: Mon, 4 Feb 2002 14:54:45 -0300
http://www.xxxx.com/webadmin.ntf++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++.nsf/ Get in like an Anonimous access, tested with a 219 buffer caracters exactly - 5.0.8 version - But, in the version 5.0.4 dsn´t work: Dominio web administrator is unable to run The database "webadmin.nsf" needs to be signed with and ID file wich is granted "Run unrestricted Lotuscript/Java agents". CyRaNo www.heinekenteam.com Carolyn Meinel fan´s club ----- Original Message ----- From: <j.mickerts () gmx net> To: <gmaggiot () ciudad com ar> Cc: <bugtraq () securityfocus com>; <gabi () postino8 int prima com ar>; <vuln-dev () securityfocus com> Sent: Monday, February 04, 2002 5:35 AM Subject: Antwort: Lotus Domino url bypass
Hi, this does not work for me. I tested it against Domino 5.0.8 on Windows 2000 SP2 with all actual patches. I get redirected to the login-page. How are your ACLs on the template? Mine do not allow Anonymous or Default any access. Maybe this corrects the issue. I also use SSL to connect, but this should not interfere with the exploit. Maybe you should state version and platform. Kind regards, Jens Mickerts
Current thread:
- Antwort: Lotus Domino url bypass j . mickerts (Feb 04)
- Re: Antwort: Lotus Domino url bypass CT (Feb 04)