Re: America Online Token Hole

From: Zero Divide (o0oat_private)
Date: Wed Jul 14 1999 - 22:47:33 PDT


    Programmable AOL buttons are written in FDO (Form Display 
    Operation).  You can compile these forms using AOL's Visual 
    Publisher Designer tool.  
    
    As for this Rw token nonsense.  The Rw token exploit was 
    discovered in early 1998 by Slushie and Uaert, not by this 
    Mackk person.  I don't know who he is or why he even 
    brought up this exploit on Bugtraq.  
    
    The Rw token was used when AOL accounts with Rainman 
    publishing rights had access to two or more Rainman 
    Groups.  Since objects could have the same external ID and 
    be in different Rainman Groups, AOL designed the Rw token 
    to allow you to choose the particular Rainman Group you 
    wanted the EOI feedback displayed from.  After AOL patched 
    the Rw in early 1998, Rainman users were no longer able to 
    get a list of all the objects using the same external ID.  
    Instead they had to type in the Rainman group AND the 
    external ID in order to view the EOI feedback, i.e. "1928.tos 
    blah".  
    
    I fail to see why the Rw token would still work in this one 
    hour time slot because the function it performs is now 
    obsolete.  Of course, this is AOL we are talking about and 
    they are not known for running the most efficient and 
    secure service.  
    
    ZD
    <<<I had contacted the person who posted this information.  
    It seems that AOL has contacted him and he refuses to talk 
    about this if you ask about it.
    
    Does anyone have any information on how to make your own 
    programmable buttons for AOL?
    
    granny
    
    About a year ago, I found out that by sending the "Rw" token 
    to the AOL host while signed on along with the object's 
    internal id as arg, any user could get detailed info about 
    any object on the system.
    
    man_start_object < trigger, "" >
    mat_relative_tag < 22 >
    act_replace_select_action
    < 
    uni_start_stream 
    sm_send_token_arg <"Rw", INTERNAL ID HERE>
    uni_end_stream 
    >
    mat_precise_x < 0 > 
    mat_precise_y < 226 > 
    mat_font_sis < small_fonts, 7, normal> 
    mat_art_id < 1-0-21184 >
    mat_bool_default < yes > 
    man_end_object 
    
    comments questions..   mackkat_private
    
    >>>>
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:52:24 PDT