1. #1

    Steam users warned after profile exploit discovered XSS marks the spot.

    http://www.eurogamer.net/articles/20...oit-discovered

    Steam users have today been warned to be careful browsing Steam - an XSS exploit has been discovered which could threaten your account's security.

    The issue's existence was made public by a mod on Steam's official Reddit, and Steamdb has also confirmed the exploit to be worth taking note of - at least until Valve wakes up and fixes it.

    Steam users are warned to be careful opening any profile pages on the service, and to ignore any suspicious links.

    The exploit takes advantage of Steam's XSS (cross-site scripting) code which can be exploited to let others inject their own code. Anyone with the right know-how could harness your profile to perform actions on your behalf.

    Anyone who thinks they may have been affected should change their password, enable a mobile authenticator - and scan their system for malware.
    Check me out....I'm └(-.-)┘┌(-.-)┘┌(-.-)┐└(-.-)┐ Dancing, I'm └(-.-)┘┌(-.-)┘┌(-.-)┐└(-.-)┐ Dancing.
    My Gaming PC: MSI Trident 3 - i7-10700F - RTX 4060 8GB - 32GB DDR4 - 1TB M.2SSD
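    An added example, not code from the article, the Reddit post or Steam itself, of the defect class described above: a profile page that interpolates user-controlled fields straight into HTML, beside a version that HTML-encodes every untrusted field first. The function names, the profile fields and the sample profile are assumptions constructed for the demonstration.

```javascript
// Added example (not from the article or from Steam): rendering user-controlled
// profile fields into HTML. The unsafe renderer concatenates raw strings, which
// is the class of defect a stored XSS in a profile page comes from; the safe
// renderer encodes every untrusted field before it reaches the page.

// Encode the five characters that let untrusted text break out of an HTML
// text node or a double-quoted attribute value.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: untrusted profile text is interpolated as markup, so any
// tag characters a user puts in their profile are parsed by viewers' browsers.
function renderProfileUnsafe(profile) {
  return `<div class="profile"><h1>${profile.name}</h1><p>${profile.summary}</p></div>`;
}

// Hardened pattern: the markup is fixed; the untrusted fields are encoded and
// can only ever appear as visible text.
function renderProfileSafe(profile) {
  return `<div class="profile"><h1>${escapeHtml(profile.name)}</h1>` +
         `<p>${escapeHtml(profile.summary)}</p></div>`;
}

// Constructed sample profile (hypothetical): the fields contain harmless markup
// characters, enough to show whether they are displayed or interpreted.
const sampleProfile = {
  name: 'Player <b>One</b>',
  summary: 'I like "co-op" & <em>speedruns</em>',
};

// Review-side check over rendered output: does any untrusted field that holds a
// tag survive in the HTML verbatim, i.e. un-encoded?
function containsRawTagFromInput(html, profile) {
  return Object.values(profile).some((v) => /<[a-z]/i.test(v) && html.includes(v));
}

console.log(renderProfileUnsafe(sampleProfile)); // tags survive: would be parsed
console.log(renderProfileSafe(sampleProfile));   // tags encoded: shown as text
```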

  2. #2
    From reddit: https://www.reddit.com/r/Steam/comme...lated_exploit/

    Currently, there is a risk (i.e. phishing, malicious script execution, etc.) involved when viewing or simply opening PROFILE pages of other Steam users as well as your OWN activity feed (both desktop and mobile versions on all browsers, including the Steam browser/Chromium). I would advise against viewing suspicious profiles until further notice and disabling JavaScript in your browser options. Do NOT click suspicious (real) Steam profile links, and disable JavaScript in your browser. Appropriate information has been forwarded to Valve and this issue should be resolved soon; sorry for any inconvenience.

    Anyone (with knowledge of the exploit) who uses or abuses it FOR ANY REASON will RISK RECEIVING A COMMUNITY BAN.
    Keep in mind that any discussion on any exploit method is NOT allowed here and will result in a ban without warning. This post is intentionally vague, and will be kept that way due to the nature of this exploit.

    And to make it VERY clear: do NOT post profile links on this sub (temporarily), do NOT post proof of concepts (we have the repro steps and passed them on), do NOT post anything relevant that might provide information on how to do this exploit (incl. youtube links). This post is your warning.

    TO THOSE POSSIBLY AFFECTED:

    Change your Steam account password, enable Mobile Authenticator if it's not on already (otherwise deauthorize other computers in Steam Guard on all systems from settings), then restart your modem/change IP. You might want to also consider scanning your system with a malware scanner/anti-virus.
    Please note this also includes your own Steam profile.
