Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: UserID and hashed password for Lotus Domino

From: "gpedone77" <gpedone77 () yahoo it>
Date: Sat, 19 Oct 2002 19:20:57 +0200


Hi, I am doing a test for a company also running Lotus Domino. I tried
names nsf yet it asks for an authentification. According to
http://packetstormsecurity.nl/0202-exploits/lotus.domino.bypass.txt
there is a way to bypass the authentification by sending a buffer. I did
a quick perl script that would brute force that buffer and I found
something quite interesting.
An url like http://www.host.com/log.ntf++++x215+++++++.nsf would get me
the same page as www.host.com/log.nsf (any other buffer would result in
a server error) This gives me the feeling that the exploit does work,
and what I'm actually seeing is log.ntf (not log.nsf) but probably the 2
files are identical... or maybe I'm wrong... anyway, could you, or
somebody else concernet about lotus domino security give me a clue about
all this stuff.




I tried this with a site running domino 5.0.7 and it works for
log.ntf+++<>.nsf/ and for webadmin.nsf, but not for setupweb.nsf or for
names.nsf (at least apparently).
On Domino 5.0.9a looks like it does not work... it keeps on giving error 500
(or requesting auth, it depends on how long is the junk string)





______________________________________________________________________
Scarica il nuovo Yahoo! Messenger: con webcam, nuove faccine e tante altre novità.
http://it.yahoo.com/mail_it/foot/?http://it.messenger.yahoo.com/
Previous By Date Next
Previous By Thread Next

Current thread: