Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
XSS in AOL.com and subdomains
Posted by: gerry
Date: December 13, 2007 02:29PM

I think AOL's dev team needs to read a few docs about web security. You can basically pick a subdomain, page, and variable and most of the time it's not filtered. OK, so maybe it's not THAT bad, but it's pretty freakin close.

[autos.aol.com]
[finance.aol.com]
[account.login.aol.com]

more here:
[www.hiredhacker.com]

-g
[hiredhacker.com]

Re: XSS in AOL.com and subdomains
Date: December 16, 2007 04:19PM

I've found a large number of vulnerabilities in AOL's subdomains and also their software. The "beta" subdomain contains a few, and on my own site I released a script to decode the cookies used on their site (it's simply base64 and something else if I remember correctly).
