Do don't message me for help or how to..
Here a Post example of AOL Exploit Guide.(how to..)
Ever since the release of AOL's instant messenger program (AIM), there have been numerous exploits throughout the client, and through the web. This should not of been unexpected by the corporate Giant now holding over 100 Million users. However, these exploits are usually the same. By examining these HTML / JavaScript exploits, one can realize the lack of AOL's intelligence in patching these exploits.
HTML or Tamper Data exploits according to "PassWord Reset" (in forgot password.) have been discovered since the old MCTest servers, which are still appearing today (I will discuss this later). MCTest servers were the beginning of AIM on the internet. MCTest had the basic functions of retrieving a forgotten password, changing email, and editing profile. Most exploits are found in the Update Email and Forgot PassWord process. AOL's programming staff still keeps these servers online (Example: 1)
By using mIRC you can even find beta IPs on the same MCTest server where AOL Programmers are developing these reset forms (Which usually always have the same exploit). Editing HTML to security override forms is always seen with AOL. So the question is, are AOL's programmers so idiotic that they do not know HTML? Wrong. Actually these NetScape programmers are lazy. AOL purchased NetScape after becoming a ISP internet giant. NetScape programmers make all of AOL's screenname forms, including the exploitable ones. These exploits are usually found on weekends because these lazy programmers code everything and anything they can and publish it onto the web, then they leave work.
Incompetence will get you fired.
http://sns-certify.mc.aol.com explains that the server has been shutdown, wrong! Open up an IRC program such as mIRC and type in "/dns sns-certify.mc.aol.com" without the magic quotes. We get the IP for this server, now by entering this IP again "/dns 64.12.144.105" we find many other forms on the old MCTest server, how ironic. This server isn't necessarily shutdown, but we have probally discovered many more exploitable forms where AOL has stopped the programming of.
AOL patches these exploits farely slow as well, it usually has to be reported by an aimer to OpsSec (Operations Security) in order to even get recognized. These exploits are very lethal, because they usually last for a couple days which allows multiple screenname jackings as well as multiple more exploits to be found with the same form which often makes weird, and strange looking screennames. This is when AOL finally comes into realization and takes the form down temporarily to put it on a "https://" server which really isn't the case of the exploit. HTML editing has always been present on AOL via http:// or https://
When will AOL ever learn?
By viewing the source to many AOL pages, you will find Input boxes which consist of the screenname (Or in the recent case, a encoded form of the screenname) which then allows to proceed to the next form to do the final objective. Note, you have to provide information to proceed, but since AOL puts the easy-to-tamper with submissions inside the same form it's fairly easy to edit. Editing these forms usually only takes one line, but I have seen some forms which contain multiple lines to edit. The recent rndNo # was a encoded form of the screenname which was encoded from the previous form. By just submitting a screenname on this form, you get the encoded # of the screenname. By simple copying the actual reset page, and editing the rndNo # input box, you can easily reset any password in the AOL database.
AOL takes this forms down usually by replacing the actual page, but still keeps the other files online. Saving the exploitable source usually allows you to "DNS" another server and do the process over again.
good luck skid. hacked=uskid
Here a Post example of AOL Exploit Guide.(how to..)
Ever since the release of AOL's instant messenger program (AIM), there have been numerous exploits throughout the client, and through the web. This should not of been unexpected by the corporate Giant now holding over 100 Million users. However, these exploits are usually the same. By examining these HTML / JavaScript exploits, one can realize the lack of AOL's intelligence in patching these exploits.
HTML or Tamper Data exploits according to "PassWord Reset" (in forgot password.) have been discovered since the old MCTest servers, which are still appearing today (I will discuss this later). MCTest servers were the beginning of AIM on the internet. MCTest had the basic functions of retrieving a forgotten password, changing email, and editing profile. Most exploits are found in the Update Email and Forgot PassWord process. AOL's programming staff still keeps these servers online (Example: 1)
By using mIRC you can even find beta IPs on the same MCTest server where AOL Programmers are developing these reset forms (Which usually always have the same exploit). Editing HTML to security override forms is always seen with AOL. So the question is, are AOL's programmers so idiotic that they do not know HTML? Wrong. Actually these NetScape programmers are lazy. AOL purchased NetScape after becoming a ISP internet giant. NetScape programmers make all of AOL's screenname forms, including the exploitable ones. These exploits are usually found on weekends because these lazy programmers code everything and anything they can and publish it onto the web, then they leave work.
Incompetence will get you fired.
http://sns-certify.mc.aol.com explains that the server has been shutdown, wrong! Open up an IRC program such as mIRC and type in "/dns sns-certify.mc.aol.com" without the magic quotes. We get the IP for this server, now by entering this IP again "/dns 64.12.144.105" we find many other forms on the old MCTest server, how ironic. This server isn't necessarily shutdown, but we have probally discovered many more exploitable forms where AOL has stopped the programming of.
AOL patches these exploits farely slow as well, it usually has to be reported by an aimer to OpsSec (Operations Security) in order to even get recognized. These exploits are very lethal, because they usually last for a couple days which allows multiple screenname jackings as well as multiple more exploits to be found with the same form which often makes weird, and strange looking screennames. This is when AOL finally comes into realization and takes the form down temporarily to put it on a "https://" server which really isn't the case of the exploit. HTML editing has always been present on AOL via http:// or https://
When will AOL ever learn?
By viewing the source to many AOL pages, you will find Input boxes which consist of the screenname (Or in the recent case, a encoded form of the screenname) which then allows to proceed to the next form to do the final objective. Note, you have to provide information to proceed, but since AOL puts the easy-to-tamper with submissions inside the same form it's fairly easy to edit. Editing these forms usually only takes one line, but I have seen some forms which contain multiple lines to edit. The recent rndNo # was a encoded form of the screenname which was encoded from the previous form. By just submitting a screenname on this form, you get the encoded # of the screenname. By simple copying the actual reset page, and editing the rndNo # input box, you can easily reset any password in the AOL database.
AOL takes this forms down usually by replacing the actual page, but still keeps the other files online. Saving the exploitable source usually allows you to "DNS" another server and do the process over again.
good luck skid. hacked=uskid