Bugtraq mailing list archives

Re: America Online Token Hole
From: o0o () HOTMAIL COM (Zero Divide)
Date: Thu, 15 Jul 1999 05:47:33 -0000

Programmable AOL buttons are written in FDO (Form Display 
Operation).  You can compile these forms using AOL's Visual 
Publisher Designer tool.  

As for this Rw token nonsense.  The Rw token exploit was 
discovered in early 1998 by Slushie and Uaert, not by this 
Mackk person.  I don't know who he is or why he even 
brought up this exploit on Bugtraq.  

The Rw token was used when AOL accounts with Rainman 
publishing rights had access to two or more Rainman 
Groups.  Since objects could have the same external ID and 
be in different Rainman Groups, AOL designed the Rw token 
to allow you to choose the particular Rainman Group you 
wanted the EOI feedback displayed from.  After AOL patched 
the Rw in early 1998, Rainman users were no longer able to 
get a list of all the objects using the same external ID.  
Instead they had to type in the Rainman group AND the 
external ID in order to view the EOI feedback i.e "1928.tos 

I fail to see why the Rw token would still work in this one 
hour time slot because the function it performs is now 
obsolete.  Of course, this is AOL we are talking about and 
they are not known for running the most efficient and 
secure service.  

<<<I had contacted the person who posted this information.  
It seems that AOL has contacted him and he refuses to talk 
about this if you ask about it.

Does anyone have any information on how to make your own 
programmable buttons for AOL?


About a year ago, I found out that by sending the "Rw" 
to the AOL host while signed on along with the object's 
internal id as arg, any user could get detailed info about 
any object on the system.

man_start_object < trigger, "" >
mat_relative_tag < 22 >
sm_send_token_arg <"Rw", INTERNAL ID HERE>
mat_precise_x < 0 > 
mat_precise_y < 226 > 
mat_font_sis < small_fonts, 7, normal> 
mat_art_id < 1-0-21184 >
mat_bool_default < yes > 

comments questions..   mackk () rpi edu
