Re: AOL Instant Messenger URL Crash

[mad () skill org (Adam Brown)]

I'm sorry if I was unclear in my first post.  The only way I've seen to
exploit this is to send someone a hyperlink in the form of
aim:addbuddy?=screenname and have them click on it.  (replacing "screenname"
with an actual screen name seems to give the same result)  You can also set
up a web page that will redirect your victim to a client crashing URL once
they've caught on to your evil little scheme. :p  I set up an example of
this at http://www.fazed.net/poof for testing purposes, of course.

Adam Brown
SpunOne@IRC
http://www.fazed.net
http://www.webzone.net

> I just sent <a href="aim:addbuddy?=screenname">what does this show up
as</a>?
> to an AOL AIM 2.0.996 user and once she *clicked* on it AIM crashed. I
don't
> know if you meant to say that the user had to click on it for the client
to
> crash, or if this is indeed different behaviour. I also just tried it with
> "screenname" replaced with first her screenname, and then with mine, again
> with no automatic reaction.
>
> (sent from linuxkitty, a naim-0.9.4-parse2 user, to <victim>, an AOL AIM
> 2.0.996 user)
> [15:59:43] linuxkitty: [LINK:href="aim:addbuddy?=screenname":what
> does this show up as]?
> [16:00:23] Friend <victim> has just logged off :(
> [16:03:09] Friend <victim> is now online =)
> [16:14:14] linuxkitty: [LINK:href="aim:addbuddy?=<victim>":miaow
> miaow] (don't click on that, I'm just testing something)
> [16:14:50] linuxkitty: [LINK:href="aim:addbuddy?=linuxkitty":anoth
> er test...]
>
> --
> Daniel Reed <n () ml org>
> Many a false step is made by standing still...