|Google Dork Description: OWA Public folders & Address book||GHDB-ID: 292|
|Google Search: inurl:root.asp?acs=anon||EDB-ID: N/A|
This search jumps right to the main page of Outlook Web Access Public Folders and the Exchange Address Book:.An attacker can use the addressbook to enumerate usernames anonymously without having to logon. These usernames can then be used to guess the mailbox passwords. An attacker can also browse the public folders to gather extra information about the organisation.