|Main Archive Page > Month Archives > full-disclosure-uk archives|
App.), using the Steam
Protocol (steam://) which can be exploited in a html page.
"steam://publisher/<name> Loads the specified publisher catalogue in the
Store. Type the
publisher's name in lowercase, e.g. activision or valve."
When using a publisher name that doesn't exist, Steam Store sends the value
to the search
system, which is vulnerable to XSS.
Store tab in Steam doesn't show the URL. Phishing is possible just
redirecting the victim to
the fake site.
VALVE was contacted in May 10, but they didn't reply anything (May 18).
Works in Internet Explorer.
Tested under Windows XP SP 3 and Windows Vista.
 Alert with text xss
 PHISING (in this example, it redirects to falandodeseguranca.com )
 Getting cookies:
Contact me: gabriel <at> falandodeseguranca.com