![]() So no, this is not possible unless the person is an employee of valve or has significant access to the system, in which case I doubt they'll waste their time scamming a few people out of their items when they have full access to the DB. Even then, I'd guess the attacker would still have to phish the potential victim into a xsite script to bypass any submission/backpack checks upon completion. ![]() The attacker would not be able to inject his own images past the checks without significant access to the system and bypasses to the limitations of the trade window. By using server side scripting to force people into a mutual trade window, managed by Steam servers they prevent someone from injecting code into the script. Valve already stops this type of "hack" as you call it.
0 Comments
Leave a Reply. |