Penetration Testing mailing list archives
Re: Using Domino5.0.7 webadmin.ntf to read files
From: "Richard" <rvg () nltr ca>
Date: Fri, 17 May 2002 16:54:35 -0400
Supposing that 852566C90012664F is the ReplicaID of webadmin.ntf, by using: http://x.x.x.x:80/852566C90012664F/DBList?ReadForm you can list databases on the server.
This bug was fixed in 5.0.8. It can be avoided in two simple ways: (a) upgrade (b) follow best practices and don't put templates on the server and if you choose to ignore this advice at least set your ACLs accordingly.

Try a simple search to learn all you want.
http://www.google.ca/search?q=webadmin.ntf

The vendor response is here:
http://www-1.ibm.com/support/manager.wss?rs=463&rt=0&org=sims&doc=0B0C94EBE9401D7B85256B5A006DECFC

richard

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
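A log check for the request pattern discussed in this message, added here as an example (it is not code from the post or from the vendor). It assumes the Domino HTTP task writes Common Log Format lines; the sample lines, client addresses and function names are constructed, and only the ReplicaID and the DBList?ReadForm URL come from the message above.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumed log layout: Common Log Format, e.g. ... "GET /path?query HTTP/1.0" 200 1234
LOG_RE = re.compile(r'^(?P<client>\S+) .*?"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})\b')
REPLICA_RE = re.compile(r'^[0-9A-F]{16}$', re.I)   # database addressed by ReplicaID

def classify(target):
    """Return a reason if the request hits a template or DBList?ReadForm, else None."""
    parts = urlsplit(target)
    segs = [unquote(s) for s in parts.path.split('/') if s]
    if not segs:
        return None
    db = segs[0]
    element = segs[1].lower() if len(segs) > 1 else ''
    by_replica = bool(REPLICA_RE.match(db))
    is_template = db.lower().endswith('.ntf')
    # Domino URL commands are matched case-insensitively here
    if (by_replica or is_template) and element == 'dblist' \
            and parts.query.lower().startswith('readform'):
        return 'DBList?ReadForm via ' + ('ReplicaID' if by_replica else 'template name')
    # Any web request to a .ntf means a template is reachable on the server
    return 'template addressed by name' if is_template else None

def find_hits(lines):
    """Return (client, status, reason, target) for each suspicious request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        reason = classify(m.group('target'))
        if reason:
            hits.append((m.group('client'), int(m.group('status')), reason, m.group('target')))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic)
SAMPLE_LOG = [
    '192.0.2.10 - - [17/May/2002:16:40:01 -0400] "GET /852566C90012664F/DBList?ReadForm HTTP/1.0" 200 5120',
    '192.0.2.10 - - [17/May/2002:16:40:05 -0400] "GET /webadmin.ntf/dblist?readform HTTP/1.0" 401 210',
    '192.0.2.22 - - [17/May/2002:16:41:10 -0400] "GET /homepage.nsf?Open HTTP/1.0" 200 900',
    '192.0.2.22 - - [17/May/2002:16:41:12 -0400] "GET /852566C90012664F/$icon?OpenIcon HTTP/1.0" 200 300',
]

if __name__ == '__main__':
    for client, status, reason, target in find_hits(SAMPLE_LOG):
        print(client, status, reason, target)
```

A hit with status 200 suggests the listing was served to that client; a 401 is consistent with the ACL advice above having been applied.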