The reason half of the people attempting to verify this came up with file
not found is most likely the fact that they were trying to download
something from the %systemroot%, given this example.  If Domino was
installed on a different drive than your OS, these particular files are not
available thanks to this security hole.  The only (ha, only!) things
available are items installed on the same drive as your Domino
installation.

I've verified this vulnerability with Domino 5.0.5 and 5.0.6 on WinNT
4.0sp6.

Basically, the beginning part of the URL
"http://my.dominoserver.com/.nsf/../" puts you in the root of the drive
your Domino was installed on.  Try getting something that's most likely
there like "http://my.dominoserver.com/.nsf/../lotus/domino/notes.ini" (or
if you're really looking to have fun, start grabbing your IDs if they're
still residing on the same drive as your install!).

Stephen
--
Stephen Forinash
Systems Engineer
Veriprise Wireless Corporation
[EMAIL PROTECTED]
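
For defenders reviewing their own servers, the URL shape described in the message above can be looked for in web access logs. The following Python scan is an added example, not part of the original post: it flags requests where a `..` segment follows a segment ending in `.nsf` and reports whether the server returned a file. The common-log-format layout, the sample lines and the function names are assumptions.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (common log format); clients and sizes are samples.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Jan/2001:09:00:01 -0500] "GET /.nsf/../lotus/domino/notes.ini HTTP/1.0" 200 5120
192.0.2.11 - - [10/Jan/2001:09:00:07 -0500] "GET /.nsf/../example-missing.txt HTTP/1.0" 404 210
192.0.2.12 - - [10/Jan/2001:09:01:15 -0500] "GET /help/help5_client.nsf/Main?OpenFrameSet HTTP/1.0" 200 900
192.0.2.13 - - [10/Jan/2001:09:02:30 -0500] "GET /%2Ensf/%2e%2e/lotus/domino/notes.ini HTTP/1.0" 200 5120
192.0.2.14 - - [10/Jan/2001:09:03:00 -0500] "GET /mail/user.nsf HTTP/1.0" 200 12000
""".splitlines()

LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3}) ')

def normalise(raw_target, rounds=3):
    """Drop the query string and percent-decode `rounds` times (defensive assumption:
    the post does not say whether encoded forms work, but matching should not miss them)."""
    path = raw_target.split("?", 1)[0]
    for _ in range(rounds):
        path = unquote(path)
    return path.replace("\\", "/")

def climbs_out_of_nsf(path):
    """True when a '..' segment follows a segment ending in .nsf."""
    seen_nsf = False
    for segment in path.split("/"):
        if segment == ".." and seen_nsf:
            return True
        if segment.lower().endswith(".nsf"):
            seen_nsf = True
    return False

def scan(lines):
    """Return (client, decoded_path, served) per suspicious request; served is True
    for a 2xx status, False for cases such as the 'file not found' responses."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        path = normalise(target)
        if climbs_out_of_nsf(path):
            hits.append((client, path, status.startswith("2")))
    return hits

if __name__ == "__main__":
    for client, path, served in scan(SAMPLE_LOG):
        print(client, path, "SERVED" if served else "not served")
```

Hits with `served` set to True are the ones to investigate first, since they mean file contents left the server.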
