Bugtraq mailing list archives
Re: AOL Instant Messenger URL Crash
From: mad () skill org (Adam Brown)
Date: Tue, 20 Apr 1999 16:34:16 -0500
I'm sorry if I was unclear in my first post. The only way I've seen to exploit this is to send someone a hyperlink in the form of aim:addbuddy?=screenname and have them click on it. (replacing "screenname" with an actual screen name seems to give the same result) You can also set up a web page that will redirect your victim to a client crashing URL once they've caught on to your evil little scheme. :p I set up an example of this at http://www.fazed.net/poof for testing purposes, of course.

Adam Brown
SpunOne@IRC
http://www.fazed.net
http://www.webzone.net

I just sent <a href="aim:addbuddy?=screenname">what does this show up as</a>? to an AOL AIM 2.0.996 user and once she *clicked* on it AIM crashed. I don't know if you meant to say that the user had to click on it for the client to crash, or if this is indeed different behaviour. I also just tried it with "screenname" replaced with first her screenname, and then with mine, again with no automatic reaction.

(sent from linuxkitty, a naim-0.9.4-parse2 user, to <victim>, an AOL AIM 2.0.996 user)
[15:59:43] linuxkitty: [LINK:href="aim:addbuddy?=screenname":what does this show up as]?
[16:00:23] Friend <victim> has just logged off :(
[16:03:09] Friend <victim> is now online =)
[16:14:14] linuxkitty: [LINK:href="aim:addbuddy?=<victim>":miaow miaow] (don't click on that, I'm just testing something)
[16:14:50] linuxkitty: [LINK:href="aim:addbuddy?=linuxkitty":anoth er test...]

--
Daniel Reed <n () ml org>
Many a false step is made by standing still...