This is my second writeup, an old finding of mine.
So, this was the year 2013; I guess December was the month. I was new to bug hunting at that time, a starter in this field. I was searching around for a site to hunt. Then I said, why don't I try Steam? It's a big company; surely it would have bugs in its services, and they would probably reward them (at that time Valve had no proper security program). So I tested their main domain, with no luck.
Then I tried
http://steamcommunity.com
Luckily, the search bar was vulnerable to XSS, and a simple XSS vector
"><img src=x onerror=prompt(1)>"
got executed.
POC...
So I reported it, and after 2-3 days the devs replied, confirming the vulnerability. And devs be like
So I dug deeper and found 4 more XSS bugs and reported them. Their response was quick and appreciable.
So as a reward I got some swag and a complete Valve game bundle.
Muhammad Abdullah
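The following is an added example, not part of the original post and not Valve's code. The post does not show how the search page was built, so the `<input>` template and the function names here are assumptions. They show why the vector above breaks out of a quoted attribute when a search term is reflected unescaped, and how output encoding keeps it inert.

```javascript
// Hypothetical search-box template; the real page markup is not shown in the post.
const PAYLOAD = '"><img src=x onerror=prompt(1)>"'; // vector quoted in the post

// Vulnerable pattern: the search term is concatenated into the attribute as-is,
// so the leading "> closes value="..." and the <input> tag itself.
function renderSearchUnsafe(term) {
  return '<input type="text" name="q" value="' + term + '">';
}

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened pattern: same template, but the term is encoded before reflection.
function renderSearchSafe(term) {
  return '<input type="text" name="q" value="' + escapeHtml(term) + '">';
}

// Count element start tags in the rendered markup. The template should always
// produce exactly one (<input>); more means user input created new elements.
function countStartTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

// Simple regression check a developer could run against reflected fields.
function reflectsSafely(render, term) {
  return countStartTags(render(term)) === 1;
}

console.log('unsafe:', renderSearchUnsafe(PAYLOAD));
console.log('safe:  ', renderSearchSafe(PAYLOAD));
console.log('unsafe template passes check:', reflectsSafely(renderSearchUnsafe, PAYLOAD));
console.log('safe template passes check:  ', reflectsSafely(renderSearchSafe, PAYLOAD));
```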