Mac "as" token Exploit (Indented Screen Names)
Discovered By:
Hypah
Date:
Early 2000
Patched:
n/a
Using the same language code principles he discovered when finding the Aa
token exploit, Hypah was able to figure out a way to make 2 character
indented screen names.
Although, at first Hypah figured out you could hijack AIM screen names
doing this. During the account creation proccess the as token, which sets
your screen name, did not check the language code bytes against any of
AOL's restricted sn/already in use sn lists. This allowed AIM screen
names that already existed to be created on AOL. The only restriction is
that after the first 2 chars of the sn, the remaining characters can not
form an sn already in existence since that is checked by AOL's reserved sn
list.
About a month after discovering all of this Hypah figured out indents
could be made.
Contributed By:
O0O and Hypah
|
