Top navigation Players Media Awards Partners About
Change skin White Black
Partners Intel Medion ASRock Kingston Gamed.de

TOPIC

« Previous1Next »
Critical Steam Vulnerability

Today, a brazilian security researcher posted a PoC (proof of concept) of his steam vulnerability.

It’s possible to input JavaScript\HTML in Steam Store tab (inside Steam App.), using the Steam
Protocol (steam://) in a website.

An attacker can do phishing, redirecting the browser in Store tab to a malicious site, steal cookies, list the games that the victim account has, etc.

All the codes, screenshots, information (including the original advisory in PDF) and also a Video could be found in Gabriel Lima's (the author) blog:

http://www.falandodeseguranca.com/2009/05/vulnerabilidade-no-steam-phishing-e-xss-na-steam-store/

(in portuguese, with some information in english too)

Credits: Gabriel Lima - www.falandodeseguranca.com - gabriel (at) falandodeseguranca.com

 


« Previous1Next »

Partners In Win big ben Mionix