Re: Domino testing

From: Daniele Bellucci (daniele.bellucci@gmail.com)
Date: Mon Jul 23 2007 - 13:50:04 EDT


Hi Plasmoid!
During a pentest I've found this paper very useful:

http://www.ngssoftware.com/papers/hpldws.pdf

Did you take a look?

On 7/20/07, A Plasmoid <skinodo@gmail.com> wrote:
> I'm new to Domino testing, and have found a few interesting databases.
> I am wondering if there is anything that could be done with
> them. Specifically, there are:
>
> cldbdir.nsf
> dba4.nsf
> qstart.nsf
> /sample/faqw46.nsf
> /sample/pagesw46.nsf (several others in sample)
> /help/help5_designer.nsf (several others in help)
>
> The ?EditDocument functionality is locked down with "basic
> authentication" but I can view them. There is not a lot of info (that I
> have found) regarding Domino, so I'm hoping that some kind person here
> can tell me whether these things can be leveraged into a deeper level
> of access or not.
>
> All of the other "important" databases like names.nsf, webadmin.nsf,
> and others are also protected with basic auth.
>
> Thanks for any hints, clues, and even "Google is your friend" stuff
> (as long as there is a corresponding reasonable search parameter) :)




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:58 EDT