Lucene search

5 matches found

Hacker One
added 2019/07/23 8:1 p.m., 11 views

Rockstar Games: Image Injection vulnerability on screenshot-viewer/responsive/image may allow Facebook OAuth token theft.

In this report, the researcher identified a series of vulnerabilities that could be exploited together to exfiltrate sensitive user tokens. In this attack chain, one critical step was an image injection vulnerability in the Screenshot-Viewer function on the main site, at...

AI score: 0.7
Exploits: 0

Hacker One
added 2019/03/07 2:15 p.m., 19 views

Rockstar Games: image injection /screenshot-viewer/responsive/image (ANOTHER FIX BYPASS)

In this report, the researcher was able to identify an oversight in our input filtering put in place to fix previous findings in the screenshot-viewer utility on the main website. Thanks to this report, we were able to improve our solution to prevent bypasses such as this one...

AI score: 2.3
Exploits: 0

Hacker One
added 2019/03/05 4:3 p.m., 21 views

Rockstar Games: Image injection on /screenshot-viewer/responsive/image (FIX BYPASS)

In this report, the researcher identified an image injection issue in the screenshot-viewer utility on our website that could be combined with other vulnerabilities to result in sensitive token theft. We were able to quickly push out an update to resolve the image injection issue, thereby...

AI score: 3
Exploits: 0

Hacker One
added 2019/02/18 5:15 p.m., 17 views

Rockstar Games: Image Injection on www.rockstargames.com/screenshot-viewer/responsive/image may allow facebook oauth token theft.

In this report, the researcher identified an image injection vulnerability in our screenshot-viewer utility on rockstargames.com. One of the input parameters utilized was not being properly filtered, and external URLs could be referenced, allowing off-site images to be called. This issue was...

AI score: 2.6
Exploits: 0

Hacker One
added 2019/01/29 10:37 p.m., 25 views

Rockstar Games: Stealing Facebook OAuth Code Through Screenshot viewer

In this report, the researcher demonstrated a way to combine multiple vulnerabilities to potentially allow an attacker to extract OAuth tokens from a victim's session. This was done by taking advantage of an image injection vulnerability in the Screenshot Viewer utility as well as additional...

AI score: 3.3
Exploits: 0