On Thursday 06 September 2001 06:26 pm, you said:
> The following is a Security Bulletin from the Microsoft Product Security
> Notification Service.
> ----------------------------------------------------------------------
> Title: OWA Function Allows Unauthenticated User to Enumerate
> Global Address List

I thought this was a feature ;)

To dump the complete GAL:

http://exchangesvr/exchange/finduser/fumsg.asp

If the site has more entries than the maximum defined or the default of 9999, you will get back an error message saying:

"This query would return too many addresses!"

In this case you need to create a html form with the action set to the fumsg.asp script using POST method. Use the following variables to narrow down the result set:

DN (Display Name)
FN (First Name)
LN (Last Name)
TL (Title)
AN (Alias)
CP (Company)
DP (Department)
OF (Office)
CY (City)

If you get redirected back to the logon page immediately, it means that you must establish a session with your browser first. To do that, just browse to:

http://exchangesvr/exchange/LogonFrm.asp?mailbox=&isnewwindow=0

Enjoy.

--
H D Moore
http://www.digitaldefense.net - work
http://www.digitaloffense.net - play
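
A defender's view of the behaviour described in the message above, as an added example that is not part of the original post: a Python check that scans IIS W3C extended logs for finduser requests that were served without an authenticated user. The log lines are constructed, and the sketch assumes the log carries the `c-ip`, `cs-username`, `cs-method`, `cs-uri-stem` and `sc-status` fields and that authenticated requests record a user name.

```python
from collections import defaultdict

# Path taken from the post; compared case-insensitively, as IIS serves it.
FINDUSER_PATH = "/exchange/finduser/fumsg.asp"

# Constructed sample in IIS W3C extended format (documentation address ranges).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-username cs-method cs-uri-stem cs-uri-query sc-status
2001-09-07 02:10:01 192.0.2.10 - GET /exchange/LogonFrm.asp mailbox=&isnewwindow=0 200
2001-09-07 02:10:03 192.0.2.10 - GET /exchange/finduser/fumsg.asp - 200
2001-09-07 02:10:09 192.0.2.10 - POST /exchange/finduser/fumsg.asp - 200
2001-09-07 02:11:40 198.51.100.7 CORP\\alice GET /exchange/finduser/fumsg.asp - 200
2001-09-07 02:12:00 203.0.113.5 - GET /exchange/finduser/FUMSG.ASP - 302
"""

def parse_w3c(text):
    """Yield one dict per request, keyed by the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def anonymous_gal_lookups(text):
    """Map client IP -> anonymous finduser requests that were served (2xx)."""
    hits = defaultdict(list)
    for rec in parse_w3c(text):
        if rec.get("cs-uri-stem", "").lower() != FINDUSER_PATH:
            continue
        if rec.get("cs-username", "-") != "-":
            continue  # request carried an authenticated user name
        if not rec.get("sc-status", "").startswith("2"):
            continue  # redirected to the logon page or refused
        hits[rec["c-ip"]].append((rec["date"], rec["time"], rec["cs-method"]))
    return dict(hits)

if __name__ == "__main__":
    for ip, reqs in anonymous_gal_lookups(SAMPLE_LOG).items():
        print(ip, len(reqs), reqs)
```
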
This archive was generated by hypermail 2b30 : Thu Sep 06 2001 - 19:16:15 PDT