Exploit AOL Instant Messenger 4.x - Unauthorized Actions

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
21619
Проверка EDB
  1. Пройдено
Автор
ORB
Тип уязвимости
REMOTE
Платформа
WINDOWS
CVE
cve-2002-2169
Дата публикации
2002-07-16
Код:
source: https://www.securityfocus.com/bid/5246/info


The AOL Instant Messenger client is prone to an issue which may allow maliciously crafted HTML to perform unauthorized actions (such as adding entries to the buddy list) on behalf of the user of a vulnerable client. This condition is due to how the client handles "aim:" URIs. These actions will be taken without prompting or notifying the user.

This issue was reported for versions of AIM running on Microsoft Windows and MacOS. The Linux version of the client is not affected by this vulnerability.

<META HTTP-EQUIV="refresh"CONTENT=0;URL=aim:addbuddy?listofscreennames=mindfliporg,mfliporb,mflipmax,mflips0nic,mflipzorcon&groupname=mindfliporg>

A web page loaded with the above code in the META REFRESH tag will
automatically add a group called mindfliporg and add the users mindfliporg, mfliporb, mflipmax, mflips0nic, mflipzorcon to buddy list.
 
Источник
www.exploit-db.com

Похожие темы