On Mar 16, 2006, at 8:10 PM, 3 shool wrote:

> Hello,
> I'm doing a VA for a server that seems to be running Lotus Domino
> email server. Nessus reports the following:
>
> The following CGI have been discovered :
> Syntax : cginame (arguments [default value])
> names.nsf (RedirectTo [/MailJump.nsf] Username [] Login [] %%ModDate [0000000000000000] Password [] )
> /domcfg.nsf/cssLogin (ReadForm[])
> /domcfg.nsf/a5f213b09e138b72052566b20068aa38/$Body/0.39E (FieldElemFormat [gif] OpenElement [] )
> /domcfg.nsf/a5f213b09e138b72052566b20068aa38/$Body/0.15E2 (FieldElemFormat [jpg] OpenElement [] )

These are not security problems, it's just a list of CGI, their
arguments and the default value for each. You probably want to audit
each one a bit further.

The syntax is:

CgiName (argument1 [defaultValue] argument2 [defaultValue] ... argumentN [defaultValue] )

i.e., you can make the following requests:

/names.nsf?RedirectTo=/MailJump.nsf&Username=XXX&Login=XXX&Password=XXX&%%ModDate=0000000000000000
/domcfg.nsf/cssLogin?ReadForm

etc.
-- Renaud
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
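
Added example (not part of Renaud's message and not Nessus code): a small Python parser for the listing syntax described above, which rejoins entries that were wrapped across lines and turns each one into the request it describes, for building an audit worklist. The names `parse_cgi_listing`, `build_request` and the `fill` parameter are assumptions made for this example.

```python
import re

# Listing from the message above, wrapped mid-entry the way a mail client wraps it.
SAMPLE = r"""The following CGI have been discovered :
Syntax : cginame (arguments [default value])
names.nsf (RedirectTo [/MailJump.nsf] Username [] Login [] %%ModDate
[0000000000000000] Password [] )
/domcfg.nsf/cssLogin (ReadForm[])
/domcfg.nsf/a5f213b09e138b72052566b20068aa38/$Body/0.39E
(FieldElemFormat [gif] OpenElement [] )
"""

ENTRY = re.compile(r"^(\S+)\s*\((.*)\)$", re.S)   # CgiName ( ...arguments... )
ARG = re.compile(r"(\S+?)\s*\[([^\]]*)\]")        # name [defaultValue]

def parse_cgi_listing(text):
    """Return [(cgi_name, [(argument, default), ...]), ...] in listing order."""
    entries, buf, prev = [], "", ""
    for line in (raw.strip() for raw in text.splitlines()):
        if not buf:
            if "(" not in line:
                prev = line                # header, or a CGI name wrapped before "("
                continue
            if line.startswith("("):
                line = f"{prev} {line}"    # rejoin the name with its argument list
        buf = f"{buf} {line}".strip()
        if buf.count("(") > buf.count(")"):
            continue                       # argument list continues on the next line
        match = ENTRY.match(buf)
        buf = ""
        if match:                          # the "Syntax :" header does not match
            entries.append((match.group(1), ARG.findall(match.group(2))))
    return entries

def build_request(name, args, fill=None):
    """Build the request for one entry; `fill` replaces empty defaults."""
    path = name if name.startswith("/") else "/" + name
    parts = []
    for arg, default in args:
        value = default or fill
        parts.append(f"{arg}={value}" if value else arg)  # bare name when no value
    # Values are left unencoded, as in the message (e.g. %%ModDate).
    return path + ("?" + "&".join(parts) if parts else "")

if __name__ == "__main__":
    for name, args in parse_cgi_listing(SAMPLE):
        print(build_request(name, args, fill="XXX"))
```

Arguments are emitted in the order the listing gives them, so the first request has the same parameters as the one in the message but with `Password` last.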