Penetration Testing mailing list archives

Domino File Reading


From: marcus.chain () hushmail com
Date: Tue, 4 Dec 2001 03:04:15 -0800


-----BEGIN PGP SIGNED MESSAGE-----

Morning all,

Looking at a Domino 5.0.8 on Win32 server atm, the ReplicaID of the web admin template file can be used and using the buffer truncation +++++ trick, I can see the admin page and know that I am the "Anonymous" user. When I try to request a file using http://example.com/[ReplicaID]/OSTextFile_Body?ReadForm&Filename="c:\boot.ini"OSTextFile_Body?OpenNavigator I get a little JavaScript "alert" pop-up box statement that "Rich Text item Body already exists". I get the same sort of thing if I do the http://example.com/webadmin.ntf+++[etc etc]+++.nsf/OSTextFile_Body?ReadForm&c:\boot.ini trick as well.

Is this a fubar on my part, or are files ACL'd such that this user can't get to them? Can't seem to find any answer on the net, so any pointers in the vague direction of an answer would be appreciated.

Ta muchly,

Marcus.
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wmEEARECACEFAjwMrTAaHG1hcmN1cy5jaGFpbkBodXNobWFpbC5jb20ACgkQVZBW5wkl
TLx0QwCgoJGomB/zs7Loxtkno4Y7aUjZLPAAn2sH0mJ85FIuiz4k+ADHyUPhtzaN
=5PMz
-----END PGP SIGNATURE-----
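
For defenders reviewing Domino HTTP logs, the two request shapes described in the message above can be flagged as shown here. This is an added example, not part of the original post; the Common Log Format layout, the tag names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request shapes taken from the post; everything else here is an assumption.
OSTEXTFILE = re.compile(r"/OSTextFile_Body\?ReadForm", re.I)
PADDED_NSF = re.compile(r"\.ntf[+ ]{3,}.*?\.nsf", re.I)   # name padded before .nsf
FS_PATH = re.compile(r"[?&]\S*?(?<![a-z])[a-z]:[\\/]", re.I)  # drive path in query
# Assumed log layout: Common Log Format, '"METHOD target HTTP/x.y" status'.
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def decode(target, rounds=3):
    """Percent-decode repeatedly so double-encoded '+' and '\\' are still seen."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def classify(line):
    """Return a dict describing a suspicious request, or None if the line is clean."""
    m = REQUEST.search(line)
    if not m:
        return None
    target = decode(m.group("target"))
    checks = (("ostextfile-readform", OSTEXTFILE),
              ("padded-nsf-name", PADDED_NSF),
              ("filesystem-path-arg", FS_PATH))
    tags = [name for name, rx in checks if rx.search(target)]
    if not tags:
        return None
    return {"status": int(m.group("status")), "tags": tags, "target": target}

def scan(lines):
    """Classify every log line and keep only the flagged ones."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines (documentation IPs, placeholder replica ID).
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Dec/2001:11:02:11 +0000] "GET /webadmin.ntf++++++++.nsf/OSTextFile_Body?ReadForm&c:%5Cboot.ini HTTP/1.0" 200 512',
    '192.0.2.10 - - [04/Dec/2001:11:03:40 +0000] "GET /REPLICAID-PLACEHOLDER/OSTextFile_Body?ReadForm&Filename=%22c:%5Cboot.ini%22 HTTP/1.0" 500 230',
    '192.0.2.10 - - [04/Dec/2001:11:04:02 +0000] "GET /webadmin.ntf%252B%252B%252B%252B.nsf/ HTTP/1.0" 404 180',
    '192.0.2.44 - - [04/Dec/2001:11:05:19 +0000] "GET /index.nsf?OpenDatabase&next=http://example.com/ HTTP/1.0" 200 4096',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["status"], ",".join(hit["tags"]), hit["target"])
```

The status code is kept with each hit because a flagged request that returned 200 deserves a closer look than one that returned an error.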

