Scary Vulnerability In Steam!!

DatDraggy · Feb 7, 2017

First of all, do not click ANY steam profile links.
If you wanna know why, here is a harmless example: http://steamcommunity.com/id/YiffInHell/

An exploit inside steam allows users to put HTML/JS code on their PROFILE PAGE.
That means they can execute code on your PC.

That includes making purchases on YOUR account, change your password, much more.

Be careful around steam until this is fixed.

THIS ALSO WORKS INSIDE THE STEAM BROWSER

________________________________

memethyl · Feb 7, 2017

specifically, steam doesn't seem to sanitize guide titles when showing them on profiles.

this means someone can put an <iframe> tag, or god forbid a <script> tag, in a guide title, and when their profile loads, the title is run as code.

it's code injection 101, basically.

DatDraggy · Feb 7, 2017

memethyl said: ↑

specifically, steam doesn't seem to sanitize guide titles when showing them on profiles.

this means someone can put an <iframe> tag, or god forbid a <script> tag, in a guide title, and when their profile loads, the title is run as code.

it's code injection 101, basically.
Click to expand...

Rip in pieces steam

captainganon · Feb 7, 2017

Well now how am I gonna sell my CSGO skins? I'll go out of business!

DatDraggy · Feb 7, 2017

Okay steam fixed it. You can browse steam again

Log in or Sign up

Scary Vulnerability In Steam!!

DatDraggy Untouchable HERO

memethyl the king of shitposting VIP+

DatDraggy Untouchable HERO

captainganon God of k | Derpalope VIP+

DatDraggy Untouchable HERO