Rockstar Games: Smuggle SocialClub's Facebook OAuth Code via Referer Leakage

2018-04-24T11:56:37
ID H1:342709
Type hackerone
Reporter 1hack0
Modified 2018-10-23T19:04:52

Description

In this report, the researcher provided a POC in which they were able to combine two issues to create a condition that potentially could have allowed an attacker to obtain OAuth tokens. One of the issues involved allowing external content to load in our Screenshot Viewer tool; we resolved this issue, which rendered the POC inoperable. We are still working on resolving the other issue, but without the ability to exploit the other issue, the impact is minimal.