AOL/AIM Exploits · January 27, 2014 0

Restricted Suffix Screen Names

Date December 10, 2000
Founded Evergrace
Submitted By O0O and rogers
Source AOL-Files.com/FDO-Files.com Archive

AOL added a new feature to the kw: Names sub-account creation proccess. If a screen name you wanted was unavailable a form would come up asking you to enter three words and then AOL would automatically make an SN for you based on these three words.

The n* token which ran this process did not have a restricted sn check after the 10th character. Which meant any restricted characters after the 10th would be allowed. Screen names created using this exploit included “YouMotherFucker”, “IownSteveCase”, “hahIhaveaGuide”, etc

AOL tried to change the sub-account proccess back to the original one in order to kill this exploit. However, the f1 invoke 41-53188 to the form was still alive and could be used to continue to make restricted suffix screen names. This was finally fixed by killing the form and modifying the token which allowed this in the first place.