[24061] in bugtraq


Re: Script for find domino's users

daemon@ATHENA.MIT.EDU (Simon Delicata)
Thu Jan 31 17:54:49 2002

To: gmaggiot@ciudad.com.ar
Cc: bugtraq@securityfocus.com, gabi@postino5.prima.com.ar
Message-ID: <OFB9B5851F.02EFA365-ON80256B52.006CBA40-80256B52.006E2D45@planer.co.uk>
From: "Simon Delicata" <sdelicata@planer.co.uk>
Date: Thu, 31 Jan 2002 20:03:10 +0000
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii


This isn't a proof of concept, but more a probe for misconfigured database
ACLs.

If a Domino web server doesn't have a redirection URL for /mail/* mail
files, then you rely on the access control for each mail file.

Two things can be done to avoid this:

1 - Change the ACL on sensitive databases (/mail/*, names.nsf) to:
      Anonymous - No access
      [Default] - No access

2 - Within the Server Document for each server, ensure that "Allow HTTP
clients to browse databases:" is set to "No".

I believe that all versions of Domino server from 4.5 upwards are
susceptible to badly configured ACLs. Any good administrator would have a
hold of this already.



#!/usr/local/bin/php -q
<?

<snip>

</snip>

fclose ($fd);

?>
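An added example, not part of the original post or of any Domino tooling: a small model of how Domino resolves a database ACL for a web request (explicit entry first, then the Anonymous entry for unauthenticated clients, then -Default-), used to compare the weak configuration with the one recommended above. The ACLs, user and group names are constructed for illustration; group membership and the server's "Maximum Internet name & password" cap are assumed out of scope and not modelled.

```python
from typing import Dict, List, Optional

# Domino access levels, lowest to highest.
LEVELS = ["No Access", "Depositor", "Reader", "Author",
          "Editor", "Designer", "Manager"]


def effective_access(acl: Dict[str, str], user: Optional[str]) -> str:
    """Access level the database ACL grants `user`.

    `user` is None for an unauthenticated (Anonymous) HTTP client.
    Resolution order: an explicit entry for the user, then the
    'Anonymous' entry for unauthenticated clients, then '-Default-'.
    Group entries are not expanded here (simplifying assumption).
    """
    if user is not None and user in acl:
        return acl[user]
    if user is None and "Anonymous" in acl:
        return acl["Anonymous"]
    return acl.get("-Default-", "No Access")


def can_read(acl: Dict[str, str], user: Optional[str]) -> bool:
    """True if the resolved level is Reader or above (Depositor cannot read)."""
    return LEVELS.index(effective_access(acl, user)) >= LEVELS.index("Reader")


def audit(databases: Dict[str, Dict[str, str]]) -> List[str]:
    """Names of databases an anonymous web client could read."""
    return [name for name, acl in databases.items() if can_read(acl, None)]


# Constructed ACLs: a weak setup that relies on -Default-, then the same
# databases with Anonymous and -Default- both set to No Access.
WEAK = {
    "names.nsf": {"-Default-": "Reader", "LocalDomainAdmins": "Manager"},
    "mail/jsmith.nsf": {"-Default-": "Reader", "John Smith/ACME": "Manager"},
}
FIXED = {
    "names.nsf": {"Anonymous": "No Access", "-Default-": "No Access",
                  "LocalDomainAdmins": "Manager"},
    "mail/jsmith.nsf": {"Anonymous": "No Access", "-Default-": "No Access",
                        "John Smith/ACME": "Manager"},
}

if __name__ == "__main__":
    print("anonymously readable (weak):", audit(WEAK))
    print("anonymously readable (fixed):", audit(FIXED))
```

The mailbox owner keeps Manager access under the fixed ACL because the explicit entry is checked before -Default-.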



