inurl:Dialin/Conference.aspx

  • 日期:2016-08-05
  • 类别:
  • 作者:anonymous
  • 语法:inurl:Dialin/Conference.aspx
  • # Exploit Title: Google dork to discover Lync Server 2013

    # Google Dork: inurl:Dialin/Conference.aspx

    # Date: 2016-08-03

    # Exploit Author: @nyxgeek

    # Vendor Homepage: microsoft.com

    This search reveals Lync Server 2013 dialin login pages. A user

    enumeration

    timing attack can be performed against these pages. Long response time

    indicates that the username is invalid. Short response time indicates

    that

    you have a valid username.