Rockstar Games: Image injection /br/games/info may lead to phishing attacks or FB OAuth theft.

In this report, the researcher identified an attack chain that could result in an attacker stealing sensitive user tokens such as Oauth tokens via full URL inclusion in the Referer header. One step of this attack involved an image injection exploit on localized versions of the games/info section ...

Rockstar Games: Image Injection vulnerability affecting www.rockstargames.com/careers may lead to Facebook OAuth Theft

In this report, the researcher demonstrated a method to chain together separate vulnerabilities that, under certain conditions, could cause a user's Facebook Oauth tokens to leak via the Referer header. The specific vulnerability that was addressed in this report was the image injection component...