Link filter protection bypass

Disclosed: 2018-05-09 22:24:05 By ramsexy To valve

Medium

Vulnerability Details

## Description Hi, there is a protection bypass in the linkfilter function. By using the character 。 (%E3%80%82 url encoded) instead of a normal dot in urls, it is possible to bypass the blocking. ## PoC Normal request : https://steamcommunity.com/linkfilter/?url=pornhub.com {F240919} Bypass : https://steamcommunity.com/linkfilter/?url=pornhub%E3%80%82com {F240920}

Actions

View on HackerOne

Report Stats

Report ID: 291750
State: Closed
Substate: resolved
Upvotes: 53

Link filter protection bypass

Vulnerability Details

Actions

Report Stats

Share this report