Mac “as” token Exploit (Indented Screen Names)

Date Early 2000
Founded Hypah
Submitted By O0O and Hypah
Source AOL-Files.com/FDO-Files.com Archive

Using the same language code principles he discovered when finding the Aa token exploit, Hypah was able to figure out a way to make 2 character indented screen names.

Although, at first Hypah figured out you could hijack AIM screen names doing this. During the account creation proccess the as token, which sets your screen name, did not check the language code bytes against any of AOL’s restricted sn/already in use sn lists. This allowed AIM screen names that already existed to be created on AOL. The only restriction is that after the first 2 chars of the sn, the remaining characters can not form an sn already in existence since that is checked by AOL’s reserved sn list.

About a month after discovering all of this Hypah figured out indents could be made.

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply