Hi Plasmoid!
During a pentest i've found very usefull this paper:
http://www.ngssoftware.com/papers/hpldws.pdf
Did you have take a look?
On 7/20/07, A Plasmoid <skinodo@gmail.com> wrote:
I'm new to Domino testing, and have found a few interesting databases.
I am wondering if there is anything that could be done with
them.Specifically, there are:
cldbdir.nsf
dba4.nsf
qstart.nsf
/sample/faqw46.nsf
/sample/pagesw46.nsf (several others in sample)
/help/help5_designer.nsf (several others in help)
The ?EditDocument functionality is locked down with "basic
authentication" but I can view them.There is not a lot of info (that I
have found) regarding domino, so I'm hoping that some kind person here
can tell me whether these things can be leveraged into a deeper level
of access or not.
All of the other "important" databases like names.nsf, webadmin.nsf,
and others are also protected with basic auth.
Thanks for any hints, clues, and even "Google is your friend" stuff
(as long as there is a corresponding reasonable search parameter ) :)
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer
http://www.cenzic.com/c/wf-spi
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
