[13062] in bugtraq
Re: Groupewise Web Interface
daemon@ATHENA.MIT.EDU (Brian)
Wed Dec 22 16:07:38 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Message-Id: <3.0.1.32.19991221162220.00685b60@umn.edu>
Date: Tue, 21 Dec 1999 16:22:20 -0600
Reply-To: Brian <eckma009@UMN.EDU>
From: Brian <eckma009@UMN.EDU>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
<<<mass snippage>>>
>Here's the interesting bit: Modify the URL by removing the *.html file. Now
>you can browse the directory structure of the web server. Go to the
>/com/novell/webaccess directory and what do we find? The webacc.cfg file.
>The file actually contains the version of the server, Novell paths, etc.
>No passwords are contained here. The actual gateway password is stored
>encrypted in the commgr.cfg file (which is stored in a location separate
>from the actual web pages/servlets).
<<<end mass snippage>>>
This must be with Novell's Web Server? There is no "com" folder anywhere on
my GroupWise
5.5 SP2 box with Netscape Enterprise Server. Novell's Web Server is not
certified
y2k compliant, and is not supported by Novell. I can't believe anyone is
still using it...
I have not found any way to read non-HTML files with the HELP vulnerability
mentioned
earlier (with my setup). I can, however, read any .htm or .html file within
the Web root
(default: sys:\novonyx\suitespot\)
I too, experienced an "abend" with the ...HELP=very_long_string, but every
service
on the server continued to run normally. (each of the six times I tried it)
Brian
