Bugtraq mailing list archives
Re: Lotus Domino 5.0.5 Web Server vulnerability - reading files outside the web root
From: Stephen Forinash <Stephen.Forinash () VERIPRISE COM>
Date: Mon, 8 Jan 2001 16:27:22 -0500
The reason half of the people attempting to verify this came up with file not found is most likely the fact that they were trying to download something from the %systemroot%, given this example. If Domino was installed on a different drive than your OS, these particular files are not available thanks to this security hole. The only (ha, only!) things available are items installed on the same drive as your Domino installation.

I've verified this vulnerability with Domino 5.0.5 and 5.0.6 on WinNT 4.0sp6. Basically, the beginning part of the URL "http://my.dominoserver.com/.nsf/../" puts you in the root of the drive your Domino was installed on. Try getting something that's most likely there like "http://my.dominoserver.com/.nsf/../lotus/domino/notes.ini" (Or if you're really looking to have fun, start grabbing your IDs if they're still residing on the same drive as your install!).

Stephen

--
Stephen Forinash
Systems Engineer
Veriprise Wireless Corporation
stephen.forinash () veriprise com
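Added example, not part of the message above or of any Lotus code: a check over web server access logs for the request shape the message describes, a ".." segment directly after a path segment ending in ".nsf". It assumes Common Log Format; the sample lines, client addresses and placeholder.txt are constructed, and the percent-decoding and root-escape checks go beyond the literal URL in the post.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample lines. Common Log Format is an assumption: adjust LINE_RE
# to whatever format your Domino HTTP task actually writes.
SAMPLE_LOG = """\
192.0.2.10 - - [08/Jan/2001:16:01:02 -0500] "GET /names.nsf?OpenDatabase HTTP/1.0" 200 5120
192.0.2.44 - - [08/Jan/2001:16:03:40 -0500] "GET /.nsf/../lotus/domino/notes.ini HTTP/1.0" 200 3310
192.0.2.44 - - [08/Jan/2001:16:03:55 -0500] "GET /.nsf/../placeholder.txt HTTP/1.0" 404 210
192.0.2.17 - - [08/Jan/2001:16:05:11 -0500] "GET /help/../homepage.nsf HTTP/1.0" 200 2048
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')


def classify(target):
    """Return the reasons a request target looks like the .nsf/../ traversal."""
    # Decode and normalise separators first so the check sees real segments.
    path = unquote(urlsplit(target).path).replace("\\", "/")
    segments = [s for s in path.split("/") if s not in ("", ".")]
    reasons, depth = set(), 0
    for prev, seg in zip([""] + segments, segments):
        if seg != "..":
            depth += 1
            continue
        if prev.lower().endswith(".nsf"):
            reasons.add("nsf-dotdot")      # the pattern from the message
        depth -= 1
        if depth < 0:
            reasons.add("escapes-root")    # climbs above the URL root
    return sorted(reasons)


def scan(log_text):
    """Yield (client, target, status, reasons) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, _method, target, status = m.groups()
        reasons = classify(target)
        if reasons:
            hits.append((client, target, int(status), reasons))
    return hits


if __name__ == "__main__":
    for client, target, status, reasons in scan(SAMPLE_LOG):
        # A 2xx status means a file was actually returned to the client.
        verdict = "FILE SERVED" if 200 <= status < 300 else "attempt"
        print(f"{verdict:11} {client} {status} {target} {reasons}")
```

Hits with a 2xx status are the ones to triage first; as the message notes, a "file not found" can simply mean the requested file lives on a different drive than the Domino install.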