Rockstar Games: Facebook OAuth Code Theft through referer leakage on support.rockstargames.com

2019-01-19T23:24:21
ID H1:482743
Type hackerone
Reporter netfuzzer
Modified 2019-02-19T18:52:16

Description

In this report, the researcher discovered a method to expose and exfiltrate OAuth tokens. An <img> tag containing a payload pointing to the attacker's own domain was injected into replies in Support Community forum threads. Users operating under a particular set of conditions who then opened the attacker's reply would have their OAuth token extracted by the attacker. This issue has been resolved with the researcher's help.
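The following audit check is an added example, not code from the report or from Rockstar Games. It flags forum replies whose external images would receive the page URL, OAuth code included, in the Referer header. The function name, the `code` parameter choice, the host names and the sample reply are assumptions constructed for illustration. Only the page-level referrer policy is modelled, and "external" is approximated as a different host name.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Page-level referrer policies that send the full URL (path and query) cross-origin.
FULL_URL_POLICIES = {"unsafe-url", "no-referrer-when-downgrade"}
# Query parameter treated as the OAuth secret (assumption for this example).
SECRET_PARAMS = {"code"}

# Constructed sample data, not taken from the report.
SAMPLE_URL = "https://forum.example/thread/1?code=CONSTRUCTED_CODE&state=xyz"
SAMPLE_REPLY = ('<p>Thanks!</p><img src="/static/smile.png">'
                '<img src="https://img.collector.example/p.png">')


class _ImgCollector(HTMLParser):
    """Collects the src attribute of every <img> tag in a reply."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)


def leaking_images(page_url, page_policy, reply_html):
    """Return external image URLs that would get page_url, secret included, as Referer."""
    page = urlsplit(page_url)
    if not SECRET_PARAMS & set(parse_qs(page.query)):
        return []  # nothing sensitive in the URL
    if page_policy not in FULL_URL_POLICIES:
        return []  # the query string is not sent cross-origin
    collector = _ImgCollector()
    collector.feed(reply_html)
    findings = []
    for src in collector.sources:
        img = urlsplit(src)
        if not img.hostname or img.hostname == page.hostname:
            continue  # relative or same-host image
        downgrade = page.scheme == "https" and img.scheme == "http"
        if page_policy == "no-referrer-when-downgrade" and downgrade:
            continue  # no Referer is sent on HTTPS -> HTTP
        findings.append(src)
    return findings
```

An empty result for every rendered page means either the OAuth code never appears in a URL that renders user content, or the referrer policy already strips the query string before it leaves the origin.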