Rockstar Games: Referer Referer Header Leakage in language changer may lead to FB token theft

2020-05-10T15:29:40
ID H1:870062
Type hackerone
Reporter netfuzzer
Modified 2020-06-24T18:43:31

Description

In this report, the researcher discovered an open redirect vulnerability that could be exploited by changing the language on the page at https://www.rockstargames.com/GTAOnline, and cause the user's full URL (potentially including sensitive tokens) to be included in the Referer header to the new page. We have since resolved this issue and it is no longer exploitable.