Rockstar Games: Smuggle SocialClub's Facebook OAuth Code via Referer Leakage

ID H1:342709
Type hackerone
Reporter 1hack0
Modified 2018-10-23T19:04:52


In this report, the researcher provided a POC in which they were able to combine two issues to create a condition that potentially could have allowed an attacker to obtain OAuth tokens. One of the issues involved allowing external content to load in our Screenshot Viewer tool; we resolved this issue, which rendered the POC inoperable. We are still working on resolving the other issue, but without the ability to exploit the other issue, the impact is minimal.