CS Money: Able to blocking users with 2fa from login into their accounts by just knowing the SteamID

A vulnerability was discovered where an attacker could block users with two-factor authentication from logging into their accounts on a website by modifying the steamid cookie in the two-factor authentication code confirmation request. By changing the steamid cookie to the victim's and sending...

CS Money: Отправка писем с произвольным текстом/кликабельными ссылками любому зарегистрированному пользователю с указанной почтой, зная только steamid

Using a third-party service GetResponse used on the project and the 2FA deactivation functionality combined, a hacker found a way to send arbitrary text to any user, knowing only the victim's SteamID. The vulnerability relied on: 1. Invalid cookie management in request; 1. No additional validatio...

CVE-2010-0980

SQL injection vulnerability in player.php in Left 4 Dead L4D Stats 1.1 allows remote attackers to execute arbitrary SQL commands via the steamid parameter...

Sql injection

SQL injection vulnerability in player.php in Left 4 Dead L4D Stats 1.1 allows remote attackers to execute arbitrary SQL commands via the steamid parameter...

CVE-2010-0980

SQL injection vulnerability in player.php in Left 4 Dead L4D Stats 1.1 allows remote attackers to execute arbitrary SQL commands via the steamid parameter...