Portal:AOL-Files/Articles/Quick Checkout Loophole
(Originally by AOL-Files staff member Tau)
"AOL Quick Checkout allows you to store credit card and shipping information at a secure site on AOL's computers. That way, when you're shopping at merchants that offer AOL Quick Checkout, you can checkout quickly and safely without having to manually enter your payment and shipping information each time," according to the Help section at AOL Quick Checkout.
While scanning tokens for a list that will soon be posted on this site, AOL-Files.com, I came across a form and I was amazed to see that it had billing and credit card information on it. After realizing that the information was not for the account I was signed on I researched it further. Apparently, the account had once been registered with Quick Checkout and I was now able to view very vital information about that account. I could not only view but also edit the person's first and last name, address, phone number, credit card type, last 4 digits, expiration date, etc.
I tried it again but the same woman's information appeared. I closed AOL then reopened it and tried the trick again. This time with another account's information. This was really interesting. I did this again and again and kept getting different accounts billing information.
I can only guess that account information is still in the AOL database and that it is somehow being put on this form when I access it.
To do this you need to access the kB then the kE token. If you do not know how to send tokens read this token tutorial.
- kB will bring up a message box saying, "Sorry, Product is Not Available At This Time."
- kE will bring up the main Quick Checkout window. Some people do not get any information on this window for a reason unknown.
Clicking "Add/Edit Your Address Book" allows you to see the full Shipping information associated with that account and clicking "Add/Edit Your Credit Cards" allows you to see the credit card information. This includes the type of credit card, last four digits of the pin, expiration date, and phone number. Modification of the account is also possible from this window.
[11-23-00] Note: AOL fixed the Quick Checkout loophole