Rockstar Games: Referer Referer Header Leakage in language changer may lead to FB token theft

ID H1:870062
Type hackerone
Reporter netfuzzer
Modified 2020-06-24T18:43:31


In this report, the researcher discovered an open redirect vulnerability that could be exploited by changing the language on the page at, and cause the user's full URL (potentially including sensitive tokens) to be included in the Referer header to the new page. We have since resolved this issue and it is no longer exploitable.