Normally I wouldn't post things of this nature, but I thought it was = important enough. About a year ago, I found out that by sending the "Rw" = token to the AOL host while signed on along with the object's internal = id as arg, any user could get detailed info about any object on the = system. Included in this information is the user who created the object = and tons of other information like its current viewrule and AOL url. = This was all great for about a week until AOL officially fixed the hole. = Normally only internal users are allowed such access for security = reasons. Using this exploit, anyone can see headings in AOL's Network = Operations Center and look at user count information and AOL mothly = profits before they are even released. AOL put all there stuff = online...Anyways the hole still exists but is windowed for only about an = hour a day. I have no clue why and it seems random... For example = yesterday July 7th it existed between 6:30-7:30PM EST. Here is a sample = FDO88/91 that will create a button to the send the Rw token w arg and = help you exploit..fill the internal id with any number you wish to = see..i do have a listing of interesting id if anyone wants to follow = this further....and goodluck with the timing... man_start_object < trigger, "" > mat_relative_tag < 22 > act_replace_select_action <=20 uni_start_stream=20 sm_send_token_arg <"Rw", INTERNAL ID HERE> uni_end_stream=20 >=20 mat_precise_x < 0 >=20 mat_precise_y < 226 >=20 mat_font_sis < small_fonts, 7, normal>=20 mat_art_id < 1-0-21184 > mat_bool_default < yes >=20 man_end_object=20 comments questions.. mackkat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:51:52 PDT