
Accepted 76561197998707143 (denes)

Discussion in 'Archived Reports' started by bharat, Oct 3, 2013.

  1. bharat

    bharat New User

    Messages:
    12
    Steam:
    STEAM_0:0:17856096
    Hijacker :
    | steamname: BETS.TF | Dénes ☯
    | steamID32: STEAM_0:1:19220707
    | steamID64: http://steamcommunity.com/profiles/76561197998707143
    | customURL: http://steamcommunity.com/id/denes123
    | steamrep: http://steamrep.com/profiles/76561197998707143

    Alt Account :
    | steamname: Tradebot Name
    | steamID32: STEAM_0:0:66802129
    | steamID64: http://steamcommunity.com/profiles/76561198093869986
    | customURL:
    | steamrep: http://steamrep.com/profiles/76561198093869986

    additional info :

    he runs site
    http://bets.tf/

    paypal email - [email protected]
    country - Hungary



    Victim :
    | steamname: bharat
    | steamID32: STEAM_0:0:17856096
    | steamID64: http://steamcommunity.com/profiles/76561197995977920
    | customURL:
    | steamrep: http://steamrep.com/profiles/76561197995977920


    Description :

    Hello,

    I am the owner of www.tf2buy.com
    This hijacker stole items from my shop. He knows coding/programming

    Here is screenshot of bot inventory history showing items traded away.
    http://puu.sh/4vRo2.jpg

    selling on outpost
    http://www.tf2outpost.com/user/76561198093869986

    my friend took screenshot of chat.
    http://puu.sh/4GxYo.png

    posted report on outpost but admin told me to report here.
    http://steamcommunity.com/groups/tf2outpost/discussions/15/864979883842717158/

    If you need any more help then feel free to add me/comment on my profile.
  2. Knurr

    Knurr New User

    Messages:
    233
    Steam:
    STEAM_0:1:42544272
    Hey! Could you upload your screenshots via the "Upload a File" button?
  3. bharat

    bharat New User

    Messages:
    12
    Steam:
    STEAM_0:0:17856096
  4. bharat

    bharat New User

    Messages:
    12
    Steam:
    STEAM_0:0:17856096
  5. BETS.TF | Dénes ☯

    BETS.TF | Dénes ☯ New User

    Messages:
    1
    Steam:
    STEAM_0:1:19220707
    he runs site

    http://bets.tf/


    You're wrong man, it's not my site. I am just the developer of this site.
    Also your bots gave the items to me, not you.
    It's not hijacking because your webshop does not work properly.
    Get a better coder next time idiot.
  6. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,991
    SteamRep Admin:
    STEAM_0:0:89705646
    Leaving some notes.

    Basically the site got hijacked in the form of an insertion of a JavaScript into the registration / profile editor. Once that was in place, and an admin reviews new logins/users on the site etc, the JavaScript got called (for it's in his overview) which pulled the cookie of the admin and sent it to the scammer. The scammer then inserted the cookie in his own browser and could access the site with admin access, and then do all he wanted, which was scamming for a number of items.

    The site needs to review the mandatory rules of their forms, allowing only letters and @ and the . (dot), instead of all the crap, or properly escape such code ( <>/\"" ' ' etc, etc, etc). And as an additional, allow only a certain LENGTH, of say 10 characters for the first and last name and NO other type of characters, and preselect a number of mail providers (gmail, live.com, yahoo, etc etc) with same kind of rules. (might need to allow . and - and ofc the alphanumeric chars)

    can't believe that such wasn't properly escaped :S
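
The fixes described in the staff notes above (allow-list validation, a length cap, escaping on output), as an added example that is not part of the thread or the site's own code. All function names and sample records are hypothetical, and the `HttpOnly` cookie attribute goes beyond what the post lists.

```javascript
// Added example with hypothetical names; limits follow the staff post's suggestions.
const MAX_NAME = 10;            // length cap suggested in the post
const NAME_RE = /^[A-Za-z]+$/;  // letters only
const EMAIL_RE = /^[A-Za-z0-9.-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/;

// Allow-list validation at registration / profile-edit time.
// Returns the names of the fields that failed.
function validateProfile({ firstName, lastName, email }) {
  const errors = [];
  for (const [field, value] of [["firstName", firstName], ["lastName", lastName]]) {
    if (typeof value !== "string" || value.length === 0 ||
        value.length > MAX_NAME || !NAME_RE.test(value)) {
      errors.push(field);
    }
  }
  if (typeof email !== "string" || email.length > 254 || !EMAIL_RE.test(email)) {
    errors.push("email");
  }
  return errors;
}

// Output encoding for HTML text and quoted-attribute contexts.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Admin overview row: every stored field is escaped at render time, so a
// record saved before validation existed is displayed as text, not executed.
function renderAdminRow(user) {
  return `<tr><td>${escapeHtml(user.firstName)}</td>` +
         `<td>${escapeHtml(user.lastName)}</td>` +
         `<td>${escapeHtml(user.email)}</td></tr>`;
}

// Session cookie header: HttpOnly keeps the value out of document.cookie,
// so script running in the admin's page cannot read it.
function sessionCookie(token) {
  return `session=${encodeURIComponent(token)}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}

// Constructed sample records (not taken from the incident).
const good = { firstName: "Anna", lastName: "Kovacs", email: "anna.k@example.com" };
const bad = { firstName: "<script>x</script>", lastName: "Kovacs", email: "a@b" };
console.log(validateProfile(good), validateProfile(bad));
console.log(renderAdminRow(bad));
```

Validation on input and escaping on output are both kept because either one can be bypassed or forgotten on a single code path; the admin view is the place where the escaping matters most.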


  7. gencobra

    gencobra Retired Staff

    Messages:
    1,786
    SteamRep Admin:
    STEAM_0:1:31047928
    Steam:
    STEAM_0:1:31047928
    Thank you for your report, Denes has been marked.
    Please take measures to ensure that your website's vulnerabilities are patched in order to prevent this from occurring again.