Repaired Steam Exploit Explained by Devs and Community
2817 stea.jpg

Yesterday, a not-insignificant exploit in the Steam Community infrastructure was found and subsequently repaired. Amidst the panic and confusion, the developers provided information on the fix and the Steam community broke down exactly what the heck happened. On the r/Steam Reddit community, user DirtDiglett compiled everything anyone would need to know about the exploit and fix into one post. The wild part is the exploit was found in the “My Showcase” profile display option, where players could show off their favorite games, achievements and more. 

Essentially, the feature specifically related to sharing guides displayed whatever text the user entered. A guide could have a 128-character title, and up to four guides could be displayed at once. This was just enough of an opening for sneaky JavaScript abuse that could be used to “make market purchases without your knowledge, using your Steam funds, or it could silently redirect you to a phishing page.”

Fortunately, through the magic of not letting text display verbatim as users entered, the problem was addressed.

Source: Reddit

CheatCC Team
CheatCC Team
Date: 02/08/2017

02/08/2017 03:25PM


blog comments powered by Disqus
"Like" CheatCC on Facebook