OkCupid: Rosetta flash vulnerability in clientstats AJAX script

ID H1:37786
Type hackerone
Reporter bitquark
Modified 2015-02-20T19:34:57


An AJAX script on the main okcupid.com domain allows an attacker to set an arbitrary callback function name, which allows exploitation of the Rosetta Flash vulnerability to steal any data from the victim's account. Note that the vulnerability exploits an issue with Flash which was fixed in, however, many users have yet to update.

The vulnerable script can be found at: https://www.okcupid.com/apitun/clientstats?callback=hello_from_bitquark
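As an added illustration of the fix a defender would apply to a JSONP endpoint like this one (example code, not OkCupid's own), the handler below restricts the callback parameter to a strict identifier allowlist and prefixes the body with `/**/`. The prefix matters because a Rosetta Flash callback is entirely alphanumeric and so passes an identifier check; what stops the attack is that the response can no longer begin with the `FWS`/`CWS` bytes of a SWF header. The function names, the callback length limit and the sample callbacks are assumptions.

```python
import json
import re
from typing import Dict, Tuple

# Allowlist: a dotted JavaScript identifier such as "jQuery.cb_123".
# This blocks script injection via the callback but NOT Rosetta Flash,
# whose crafted callback is purely alphanumeric.
CALLBACK_RE = re.compile(r"^[A-Za-z_$][A-Za-z0-9_$]*(\.[A-Za-z_$][A-Za-z0-9_$]*)*$")
MAX_CALLBACK_LEN = 64  # assumed limit; long alphanumeric names are a warning sign


def is_safe_callback(name: str) -> bool:
    """True only for callback names matching the strict identifier allowlist."""
    return 0 < len(name) <= MAX_CALLBACK_LEN and CALLBACK_RE.match(name) is not None


def build_jsonp_response(callback: str, payload: dict) -> Tuple[int, Dict[str, str], str]:
    """Return (status, headers, body) for a JSONP reply.

    Unsafe callback names are rejected with HTTP 400. Accepted ones are
    emitted after a '/**/' prefix so the first bytes of the body are never
    attacker-controlled and cannot form a SWF header ('FWS' or 'CWS').
    """
    if not is_safe_callback(callback):
        return 400, {"Content-Type": "application/json"}, json.dumps({"error": "invalid callback"})
    headers = {
        "Content-Type": "application/javascript; charset=utf-8",
        # Stops browsers sniffing the script into another content type.
        "X-Content-Type-Options": "nosniff",
    }
    body = "/**/" + callback + "(" + json.dumps(payload) + ");"
    return 200, headers, body


if __name__ == "__main__":
    # Constructed sample: a legitimate callback and an alphanumeric one that
    # starts with the compressed-SWF magic; the prefix neutralises the latter.
    for cb in ("hello_from_bitquark", "CWSabc123", "alert(1)//"):
        status, _, body = build_jsonp_response(cb, {"ok": True})
        print(status, body[:40])
```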