Valve: CSRF | Ban or unban users in broadcast's chat
Steps to reproduce

1. Start a broadcast.
2. The attacker needs to craft a special HTML page.
3. Get the broadcast's Steam ID; it is contained in the URL: https://steamcommunity.com/broadcast/watch/STEAM ID/

If the attacker wants to unban somebody, he needs to create an HTML page like this:

document.getElementById("csrf-form").submit()

Unba...
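A server-side check that rejects the kind of auto-submitted cross-site form described above, as an added example that is not part of the original report or Valve's code. The field names `action` and `csrf_token`, the key, the session id and the sample requests are constructed assumptions.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

TRUSTED_ORIGIN = "https://steamcommunity.com"  # site named in the report's URL
SERVER_KEY = b"constructed-demo-key"           # constructed; use a random secret

def issue_token(session_id):
    """Per-session token; a page on another origin cannot read or compute it."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def source_origin(headers):
    """Origin of the page that sent the request (Origin header, else Referer)."""
    raw = headers.get("Origin") or headers.get("Referer")
    if not raw or raw == "null":  # "null" is sent by sandboxed or opaque contexts
        return None
    parts = urlsplit(raw)
    return f"{parts.scheme}://{parts.netloc}" if parts.scheme and parts.netloc else None

def check_moderation_request(method, headers, session_id, form):
    """Return (allowed, reason) for a ban/unban request carrying session cookies."""
    if method != "POST":
        return False, "state change requires POST"
    if source_origin(headers) != TRUSTED_ORIGIN:
        return False, "cross-site or missing origin"
    sent = form.get("csrf_token", "")  # hypothetical field name
    if not hmac.compare_digest(sent.encode(), issue_token(session_id).encode()):
        return False, "missing or wrong token"
    return True, "ok"

SID = "broadcaster-session"  # constructed session id
SAMPLES = {  # constructed requests; "action" is a hypothetical field name
    "chat UI": ("POST", {"Origin": TRUSTED_ORIGIN},
                {"action": "unban", "csrf_token": issue_token(SID)}),
    "auto-submitted form": ("POST", {"Origin": "https://attacker.example"},
                            {"action": "unban"}),
    "sandboxed frame": ("POST", {"Origin": "null"}, {"action": "ban"}),
    "foreign token": ("POST", {"Origin": TRUSTED_ORIGIN},
                      {"action": "ban", "csrf_token": issue_token("other-session")}),
}

def evaluate_samples():
    return {name: check_moderation_request(m, h, SID, f)
            for name, (m, h, f) in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(f"{name:22} {verdict}")
```

The forged request is refused even though the browser attaches the broadcaster's cookies, because neither the origin nor the session-bound token can be supplied by a page on another site.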