(XSS) Account takeover using Steam
This story begins a couple of years ago. I was navigating through a gambling website (which I cannot disclose) when I decided I would search for vulnerabilities on it.
Usually, this is not a good practice since you don’t have permission to do so. Getting suited is always a risk. Anyway, I felt like it could be my lucky day, so I just went for it.