|
⇤ ← Revision 1 as of 2009-05-31 11:14:09
Size: 533
Comment:
|
Size: 889
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 14: | Line 14: |
| 1. Another interesting database is the Name & Address book (typically /names.nsf) 1. Depending on the version of Domino is running, you can try accessing the hidden $Users view of the Name & Address book. This view contains the unsalted HTTP password hashes of all the users. You would typically look for http://noteshost/names.nsf/$Users |
Web Exploration
- Firefox tricks
- Open page, and the in the address bar enter
javascript:alert(document.cookie)
to see the cookies.
- Lotus Notes
javascript:void(document.forms[0].submit())
will save a web form even if you have hidden the Save button!- catalog.nsf database obviously gives you a list of other databases that you can then look at.
Another interesting database is the Name & Address book (typically /names.nsf)
Depending on the version of Domino is running, you can try accessing the hidden $Users view of the Name & Address book. This view contains the unsalted HTTP password hashes of all the users. You would typically look for http://noteshost/names.nsf/$Users
- Open page, and the in the address bar enter
...