Rockstar Games: Facebook OAuth Code Theft through referer leakage on

ID H1:482743
Type hackerone
Reporter netfuzzer
Modified 2019-02-19T18:52:16


In this report, the researcher discovered a method to expose and exfiltrate OAuth tokens. The researcher injected an <img> tag containing a payload pointing to the attacker's own domain into replies on Support Community forum threads. Users operating under a particular set of conditions who then opened the attacker's reply would have their OAuth token extracted by the attacker. This issue has been resolved with the researcher's help.
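The leak described above can be checked for from the defender's side by computing which Referer value each embedded image request would carry. This is an added example, not code from the report or from Rockstar Games; the host names, the callback URL shape and the sensitive parameter names are constructed assumptions, and only a subset of Referrer-Policy values is modeled.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qs, urljoin, urlsplit

SENSITIVE_PARAMS = {"code", "access_token", "state"}  # assumed parameter names
# Constructed sample input: a thread page reached with an OAuth code in its URL,
# and a reply holding one third-party image and one same-origin image.
PAGE_URL = "https://support.example.test/thread/42?code=CONSTRUCTED_CODE&state=xyz"
REPLY_HTML = ('<p>hi</p><img src="https://img.third-party.example/pixel.png">'
              '<img src="/static/smile.png">')

class ImgCollector(HTMLParser):
    """Collects the src attribute of every <img> tag in a reply body."""
    def __init__(self):
        super().__init__()
        self.sources = []
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "img" and src:
            self.sources.append(src)

def origin(url):
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}"

def referer_sent(page_url, target_url, policy):
    """Referer a browser sends for a subresource (subset of Referrer-Policy)."""
    page, target = urlsplit(page_url), urlsplit(target_url)
    downgrade = page.scheme == "https" and target.scheme != "https"
    full = page._replace(fragment="").geturl()  # the fragment is never sent
    same = origin(page_url) == origin(target_url)
    if policy == "no-referrer":
        return None
    if policy == "unsafe-url":
        return full
    if policy == "no-referrer-when-downgrade":
        return None if downgrade else full
    if policy == "strict-origin-when-cross-origin":
        if same:
            return full
        return None if downgrade else origin(page_url) + "/"
    raise ValueError(f"policy not modeled: {policy}")

def audit_reply(page_url, reply_html, policy):
    """Return (image URL, leaked parameter names) for each cross-origin leak."""
    collector = ImgCollector()
    collector.feed(reply_html)
    findings = []
    for src in collector.sources:
        target = urljoin(page_url, src)
        referer = referer_sent(page_url, target, policy) or ""
        leaked = SENSITIVE_PARAMS & set(parse_qs(urlsplit(referer).query))
        if leaked and origin(target) != origin(page_url):
            findings.append((target, sorted(leaked)))
    return findings
```

Under `no-referrer-when-downgrade` the third-party image host receives the full page URL including the query string, while `strict-origin-when-cross-origin` reduces the Referer to the bare origin.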