COMMAND

    Lotus Domino web interface for access to Lotus Notes

SYSTEMS AFFECTED

    Systems running Domino

PROBLEM

    A Domino URL is broken into several parts: the IP address, the
    database path, an unknown ID (in hex), a document ID (in hex) and
    then the command.  In the example below the command is
    OpenDocument.

        http://199.99.99.99/database.nsf/e1466a8590/6048076233?OpenDocument

    (The hex  strings have  been shortened  in this  example. They are
    actually 32 chars each.)

    A Domino page for displaying  a document may have hyperlinks  that
    link to commands  to edit or  delete the document.   You can  find
    many web sites where these  hyperlinks have been left out  to keep
    users from editing the documents.

    You can edit the  URL in your browser  to recreate the links  that
    have been left out.   If the permissions on  the document are  not
    configured  properly  to  deny  edit  permission  or  deny  delete
    permission then you will be able to edit or delete the document.

    If the Domino site has permissions set to deny editing, you may
    still be presented with the edit form for the document.  You will
    not be able to submit your edits, however.  Sometimes the edit
    form contains information not visible in the display version of
    the document.  This is often the case because the page was assumed
    to be inaccessible once the edit link was left out.

    To  edit  the   document  in  the   example  above,  replace   the
    OpenDocument command at the end  of the URL with EditDocument.  To
    delete a document replace it with DeleteDocument.

        http://199.99.99.99/database.nsf/e146fa8590/6148076233?EditDocument
        http://199.99.99.99/database.nsf/e146fa8590/6148076233?DeleteDocument

    You can assume the identity  of another user by creating  your own
    edit form by saving  the HTML for an  edit form for a  document to
    your local  disk, editing  the document  ID to  that of a document
    created by  another user,  and submitting  the new  form from your
    browser.  The new document  will appear in Domino to  be submitted
    by the assumed user.

    Get to an edit form by creating a new document or editing one of
    your own.  Or, if you don't have permission, use one of the
    methods outlined above.  Save this to disk.  It will have an HTTP
    POST command in it like this:

        <FORM METHOD=post ACTION="/database.nsf/cefaeed3/4755eed75d?SaveDocument" ENCTYPE="multipart/form-data">

    (the hex values have been shortened from 32 characters)

    First  add  in  the  absolute  address  for the Domino site to the
    beginning of the URL like this:

        <FORM METHOD=post ACTION="http://199.99.99.99/database.nsf/cefaeed3/4755eed75d?SaveDocument" ENCTYPE="multipart/form-data">

    Replace  the  hex  value  before  ?SaveDocument with the hex value
    from a document created by another user.  This will appear in  the
    URL to  display another  document as  in the  examples above. Save
    the file and load it into your browser.  Now fill in the form  and
    use the submit button.  A  new document will appear in the  Domino
    database as  entered by  the assumed  identity.   This document is
    L0pht copyright.
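    The URL layout described at the top of this advisory (database
    path, hex view ID, hex document ID, ?Command) and the locally
    saved SaveDocument form described above both leave traces in the
    web server log.  The following is an added example, not part of
    the advisory, of how a site administrator could parse Domino URLs
    from a log and flag state-changing commands (EditDocument,
    DeleteDocument, SaveDocument) that did not arrive via a page the
    site itself served.  The log format, the client addresses and the
    site host are constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Domino URL shape from the advisory:
#   /<database>.nsf/<view-id hex>/<document-id hex>?<Command>
DOMINO_URL = re.compile(
    r"^/(?P<db>[^?]+?\.nsf)/(?P<view>[0-9a-fA-F]+)/(?P<doc>[0-9a-fA-F]+)\?(?P<cmd>\w+)$"
)
# Commands that change a document; a site that never serves edit or
# delete links should not see these from ordinary browsing.
MUTATING = {"editdocument", "deletedocument", "savedocument"}

def parse_domino_url(path_query):
    """Split a Domino request target into its parts, or None if not one."""
    m = DOMINO_URL.match(path_query)
    if not m:
        return None
    parts = m.groupdict()
    parts["cmd"] = parts["cmd"].lower()
    return parts

# Constructed sample log: client method target status "referer"
SAMPLE_LOG = """\
10.0.0.5 GET /database.nsf/e146fa8590/6148076233?OpenDocument 200 "-"
10.0.0.5 GET /database.nsf/e146fa8590/6148076233?EditDocument 200 "http://199.99.99.99/database.nsf/e146fa8590/6148076233?OpenDocument"
10.0.0.9 GET /database.nsf/e146fa8590/6148076233?DeleteDocument 302 "-"
10.0.0.9 POST /database.nsf/cefaeed3/4755eed75d?SaveDocument 200 "-"
10.0.0.7 POST /database.nsf/cefaeed3/4755eed75d?SaveDocument 200 "http://199.99.99.99/database.nsf/cefaeed3/4755eed75d?EditDocument"
"""

LOG_LINE = re.compile(r'^(\S+) (\S+) (\S+) (\d{3}) "([^"]*)"$')

def find_suspicious(log_text, site_host):
    """Return (client, method, command, doc_id) for mutating requests whose
    Referer is absent or points off-site.  Referer is client-supplied, so
    this is a triage heuristic, not proof; the real fix is document ACLs."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        client, method, target, _status, referer = m.groups()
        url = parse_domino_url(target)
        if url is None or url["cmd"] not in MUTATING:
            continue
        ref_host = urlsplit(referer).hostname if referer != "-" else None
        if ref_host != site_host:
            findings.append((client, method, url["cmd"], url["doc"]))
    return findings
```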