(XSS) Account takeover using Steam

This story begins a couple of years ago. I was navigating through a gambling website (which I cannot disclose) when I decided I would search for vulnerabilities on it.

Usually, this is not a good practice since you don’t have permission to do so. Getting suited is always a risk. Anyway, I felt like it could be my lucky day, so I just went for it.

Reconnaissance

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
0x4KD

0x4KD

195 Followers

Bug Bounty Hunter, Full-Stack Web Developer & Tech Team Leader