Rockstar Games: Stored XSS with CRLF injection via post message to user feed

2017-08-25T10:35:37
ID H1:263191
Type hackerone
Reporter fa1rlight
Modified 2017-09-18T17:07:47

Description

In this report, the researcher was able to demonstrate a Stored XSS vulnerability in User Feeds. This vulnerability leveraged CRLF injection in order to bypass existing filters and execute the payload. With their help we were able to improve our filtering and sanitization rules in order to prevent this and similar attacks.