Penetration Testing mailing list archives

Re: Using Domino5.0.7 webadmin.ntf to read files


From: "Richard" <rvg () nltr ca>
Date: Fri, 17 May 2002 16:54:35 -0400

Supposing that 852566C90012664F is the ReplicaID of
webadmin.ntf, by using:
http://x.x.x.x:80/852566C90012664F/DBList?ReadForm
you can list databases on the server.


This bug was fixed in 5.0.8.  It can be avoided in two simple ways: (a)
upgrade (b) follow best practices and don't put templates on the server and
if you choose to ignore this advice at least set your ACLs accordingly.

Try a simple search to learn all you want.

http://www.google.ca/search?q=webadmin.ntf

The vendor response is here:

http://www-1.ibm.com/support/manager.wss?rs=463&rt=0&org=sims&doc=0B0C94EBE9401D7B85256B5A006DECFC

richard
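
A log check for the request pattern discussed in this message, added here as an example and not part of the original post: it scans web access logs for requests that address a template by filename or a database by ReplicaID, and marks the DBList?ReadForm case. The Common Log Format layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed layout: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3})\s')
REPLICA_ID = re.compile(r'^[0-9A-F]{16}$')

def classify(target):
    """Return why a request target is worth reviewing, or None."""
    path, _, query = unquote(target).partition('?')
    segments = [s for s in path.split('/') if s]
    if not segments:
        return None
    db = segments[0].upper()          # assumption: match case-insensitively
    if db.endswith('.NTF'):
        kind = 'template by filename'
    elif REPLICA_ID.match(db):
        kind = 'database by ReplicaID'
    else:
        return None
    element = segments[1].upper() if len(segments) > 1 else ''
    if element == 'DBLIST' and query.upper().startswith('READFORM'):
        return kind + ', DBList?ReadForm'
    return kind

def scan(lines):
    """Return (client, target, status, reason) for each flagged log line."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue                  # not a parseable access-log line
        client, target, status = m.groups()
        reason = classify(target)
        if reason:
            hits.append((client, target, int(status), reason))
    return hits

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [17/May/2002:16:40:01 -0400] "GET /852566C90012664F/DBList?ReadForm HTTP/1.0" 200 5120',
    '192.0.2.10 - - [17/May/2002:16:40:09 -0400] "GET /webadmin.ntf/DBList?ReadForm HTTP/1.0" 401 210',
    '198.51.100.7 - - [17/May/2002:16:41:30 -0400] "GET /homepage.nsf?Open HTTP/1.0" 200 900',
]

if __name__ == '__main__':
    for hit in scan(SAMPLE):
        print(hit)
```

Flagged requests answered with status 200 are the ones to check against the upgrade and ACL advice in the message.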

