
XenForo Software

Discussion in 'Discussion Archive' started by delta9, Mar 20, 2019.

  1. delta9

    delta9 New User

    I assume you already are aware of it, but just in case you aren't: The XenForo Forum seems to be susceptible to several exploits, as noted by a quick web search.

    I.e. https://www.exploit-db.com/exploits/39849

    Now, while at least one of those doesn't work (I admit, I tried a rather non-intrusive variant of the code in that example), there might be a reason for concern IF the "2010-2014" note at the very end of this page is real and not a spoofed date that is put there to troll people like me that have their white hats on and are equally bored as me.

    Relax, Don't forget to drink water, and have a nice day
  2. Lava

    Lava Public Relations SteamRep Admin

    SteamRep Admin:
    Kudos to you for looking out for other websites like that and disclosing your findings. I've done a little of that myself, though not quite in a professional context.

    In the future though, please use our contact form for responsible disclosures ("Contact Us" link at the bottom of this forum or the contact form on the OFPF website) instead of posting things like this publicly. I've found and reported exploits here myself (before joining staff), and seen others do the same, so I can attest firsthand you'll get a response (you could also email me via pr[at]steamrep.com if you feel you're not getting anywhere) and things will get fixed, generally rather quickly.

    I'm afraid we cannot discuss the state of our infrastructure publicly, so I'll have to close your thread (sorry). But your concerns have been relayed to our developer.