Counter-Strike 2 XSS Exploit IP Capturer POC
Recently there has been a discovery that allows one to embed a HTML image tag into the vote kick window of panorama in Counter-Strike 2.
A PHP script posing as an image can be used to steal the IP addresses of the players connected that load up that image on their game client.
ip address
valve owned by html
dead that bro took 5 attempts to write "callvote" LMAOOO
is it because of innerHTML ?
So this onky works if the attacker is in your team and starts a vote kick? So when you play five man with the boys, you are just fine?
Valve shits on its players. Neither the servers closed nor their players informed about it. Absolutely unworthy behavior for such a large company. Game and Steam permanently deleted.
i had this shit for 2 months who leaked it
so what? its just ip .. they cant do shit
Based gentleman playing the Ratchet and Clank 3 multiplayer lobby music.
This isn't XSS.
nice and safe!
Ayo, I have been playing CS2 for the past few days until I know about this now. I did witness some spam kicks in casual game and voted. So I am fucked basically right?
That explains why yesterday in my casual matches vote kick kept coming up a lot. I thought it was strange.
gg
if I dont vote, can I still get fucked?
After cs2 release. I tested community servers too who is exterrnal. I searched for cs2 server and my Kaspersky Plus says Trojan reported from ip….face-orange-biting-nails I was just looking for community servers, not joining. WTF. And valve gameservers is open door too wtf xD and i found only bot servers full servers what ever seems like all honeypots !
Just use a VPN.
It’s so funny to close applications of other players 😂😂
patched
t,fnm
Does this work when you use the sanitized names option?
show your own ip bud
Valve is amazing😂