by XMPPwocky 3831 days ago
Yes.

An attacker could send you a URL with a random query parameter, which would be ignored by Steam. But the response would be cached, with that query parameter. The attacker could then visit the URL themselves, and see private information.

An attacker could also grab CSRF tokens from the page, and perform certain actions on a victim's account.

1 comments

Good point. The effectiveness of that kind of attack will come down to the user's wetware.
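
An added example, not part of the thread: a constructed Python model of the caching behaviour described in the first comment, with a cache that stores every response under its full URL beside one that refuses to store per-user responses. The origin, cache class, cookie name and URL are hypothetical and do not represent Steam's actual setup.

```python
# Constructed model of a shared cache in front of an origin; all names are hypothetical.

def origin(url, cookies):
    """Toy origin: ignores the query string and renders a per-user page."""
    user = cookies.get("session")
    if user:
        body = f"account page for {user}, csrf={user}-token"
        return {"body": body, "headers": {"Cache-Control": "private, no-store"}}
    return {"body": "please log in", "headers": {"Cache-Control": "public, max-age=60"}}


class SharedCache:
    def __init__(self, respect_privacy):
        self.respect_privacy = respect_privacy
        self.store = {}  # cache key is the full URL, query string included

    def cacheable(self, cookies, response):
        if not self.respect_privacy:
            return True  # weak setting: everything is stored under the URL
        directives = {d.strip().lower() for d in
                      response["headers"].get("Cache-Control", "").split(",")}
        if directives & {"private", "no-store"}:
            return False  # origin marked the response as per-user
        if "Set-Cookie" in response["headers"]:
            return False
        return not cookies  # never store a response to a credentialed request

    def fetch(self, url, cookies):
        if url in self.store:
            return self.store[url]["body"]  # served without asking the origin
        response = origin(url, cookies)
        if self.cacheable(cookies, response):
            self.store[url] = response
        return response["body"]


def second_visitor_sees(respect_privacy):
    """Return what a cookieless client gets after a logged-in user loaded the URL."""
    cache = SharedCache(respect_privacy)
    url = "/account?x=constructed-random-value"
    cache.fetch(url, {"session": "alice"})  # logged-in user follows the link
    return cache.fetch(url, {})             # a different client, no cookies
```
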