AOL’s PSO Training server Exploit


There was an exploit I found on AOL’s PSO Training server. It has been fixed. The exploit worked like this:

http://psotms.web.aol.com/logon/request_success_2.asp?SN=ADMINISTRATOR SN&user_group=4096

Now, if you were not an internal or overhead, the user_group would be changed to some other default number I don’t recall (3096 I think). If you changed the number to 4064 you could log in with ANY SN, including yours or even an administrator’s. When logged in as administrator you could download their database, which included a nice list of internal SNs. You could edit any course, edit anyone’s profile, and a few other neat things. As the database is an Access database, you could easily open it with Microsoft Office. It included the whole entire code on how the db worked and such. Here are some screen shots of what it looks like inside, since now the exploit has been fixed.
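The flaw above is a privilege value taken straight from the query string. The following is an added example, not AOL’s code, that models that pattern next to the server-side lookup that closes it, plus a check a defender could run over request logs to spot tampered group values; the account table and group numbers are constructed placeholders.

```python
from typing import Optional, Tuple
from urllib.parse import parse_qs, urlparse

# Constructed server-side account table: screen name -> privilege group.
# Group ids are placeholders, not AOL's real values.
ACCOUNTS = {"ADMINISTRATOR SN": 4096, "regular user": 3096}
ADMIN_GROUP = 4096


def vulnerable_logon(url: str) -> Optional[Tuple[str, int]]:
    """Flawed pattern: SN and user_group are read from the URL and trusted.
    Any client can claim any screen name and any group."""
    qs = parse_qs(urlparse(url).query)
    sn = qs.get("SN", [None])[0]
    group = qs.get("user_group", [None])[0]
    if sn is None or group is None:
        return None
    return sn, int(group)


def hardened_logon(url: str, authenticated_sn: str) -> Optional[Tuple[str, int]]:
    """Fixed pattern: the identity comes from what the server already verified
    (e.g. a session), and the group is looked up server side. Client-supplied
    SN and user_group parameters are ignored entirely."""
    if authenticated_sn not in ACCOUNTS:
        return None
    return authenticated_sn, ACCOUNTS[authenticated_sn]


def is_admin(result: Optional[Tuple[str, int]]) -> bool:
    return result is not None and result[1] == ADMIN_GROUP


def tampered(url: str, authenticated_sn: str) -> bool:
    """Detection check for logged requests: flag any request whose claimed
    user_group differs from the group stored for the authenticated user."""
    qs = parse_qs(urlparse(url).query)
    claimed = qs.get("user_group", [None])[0]
    stored = ACCOUNTS.get(authenticated_sn)
    return claimed is not None and stored is not None and int(claimed) != stored
```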

-JTM
