TOPIC
« Previous1Next »
Critical Steam Vulnerability
Today, a brazilian security researcher posted a PoC (proof of concept) of his steam vulnerability.
It’s possible to input JavaScript\HTML in Steam Store tab (inside Steam App.), using the Steam
Protocol (steam://) in a website.
An attacker can do phishing, redirecting the browser in Store tab to a malicious site, steal cookies, list the games that the victim account has, etc.
All the codes, screenshots, information (including the original advisory in PDF) and also a Video could be found in Gabriel Lima's (the author) blog:
http://www.falandodeseguranca.com/2009/05/vulnerabilidade-no-steam-phishing-e-xss-na-steam-store/
(in portuguese, with some information in english too)
Credits: Gabriel Lima - www.falandodeseguranca.com - gabriel (at) falandodeseguranca.com
It’s possible to input JavaScript\HTML in Steam Store tab (inside Steam App.), using the Steam
Protocol (steam://) in a website.
An attacker can do phishing, redirecting the browser in Store tab to a malicious site, steal cookies, list the games that the victim account has, etc.
All the codes, screenshots, information (including the original advisory in PDF) and also a Video could be found in Gabriel Lima's (the author) blog:
http://www.falandodeseguranca.com/2009/05/vulnerabilidade-no-steam-phishing-e-xss-na-steam-store/
(in portuguese, with some information in english too)
Credits: Gabriel Lima - www.falandodeseguranca.com - gabriel (at) falandodeseguranca.com
« Previous1Next »
