Rockstar Games - HackerOne Reports
Total Reports: 104
Critical: 3
High: 18
Medium: 59
Low: 24
RDR2 game service method allows adding any player to a new Posse without consent
Reported by:
bugstar
|
Disclosed:
Medium
Weakness: Violation of Secure Design Principles
Image Injection vulnerability in www.rockstargames.com/IV/screens/1280x720Image.html
Reported by:
netfuzzer
|
Disclosed:
Medium
Weakness: Cross-Site Request Forgery (CSRF)
Source Code Disclosure (CGI)
Reported by:
cyberunit
|
Disclosed:
Medium
Weakness: Information Disclosure
Bounty: $150.00
Stored XSS in Snapmatic + R★Editor comments
Reported by:
europa
|
Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Stored
SocialClub's Facebook OAuth Theft through Warehouse XSS.
Reported by:
netfuzzer
|
Disclosed:
Medium
Weakness: Cross-Site Request Forgery (CSRF)
Reflected XSS via #tags= while using a callback in newswire http://www.rockstargames.com/newswire
Reported by:
nahamsec
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Generic
Control characters incorrectly handled on Crew Status Update
Reported by:
zuhnny1
|
Disclosed:
Low
Weakness: Code Injection
Bounty: $250.00
stored XSS (angular injection) in support.rockstargames.com using zendesk register form via name parameter
Reported by:
coldd
|
Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Stored
Bounty: $1000.00
dom based xss in https://www.rockstargames.com/GTAOnline/
Reported by:
netfuzzer
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Image Injection vulnerability affecting www.rockstargames.com/careers may lead to Facebook OAuth Theft
Reported by:
netfuzzer
|
Disclosed:
Medium
Weakness: Information Disclosure
Found CSRF Vulnerability in https://support.rockstargames.com/
Reported by:
dhanjo
|
Disclosed:
Low
Weakness: Cross-Site Request Forgery (CSRF)
Bounty: $150.00
LFI and SSRF via XXE in emblem editor
Reported by:
alexbirsan
|
Disclosed:
Critical
Weakness: XML External Entities (XXE)
Bounty: $1500.00
CSRF in 'set.php' via age causes stored XSS on 'get.php' - http://www.rockstargames.com/php/videoplayer_cache/get.php'
Reported by:
nahamsec
|
Disclosed:
Medium
Weakness: Cross-Site Request Forgery (CSRF)
Open Redirection effects autodiscover.rockstargames.com
Reported by:
osama-hamad
|
Disclosed:
Low
DOM based reflected XSS in rockstargames.com/newswire/tags through cross domain ajax request
Reported by:
zombiehelp54
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Generic
Open redirect affecting m.rockstargames.com/
Reported by:
netfuzzer
|
Disclosed:
Medium
Weakness: Open Redirect
Reflected XSS via Double Encoding
Reported by:
aowloop
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Bounty: $500.00
Image Injection/XSS vulnerability affecting https://www.rockstargames.com/newswire/article
Reported by:
netfuzzer
|
Disclosed:
Medium
Weakness: Cross-Site Request Forgery (CSRF)
Referer Leakage Vulnerability in socialclub.rockstargames.com/crew/ leads to FB'S OAuth token theft.
Reported by:
netfuzzer
|
Disclosed:
Medium
Weakness: Cross-Site Request Forgery (CSRF)
use of unsafe host header leads to open redirect
Reported by:
exception
|
Disclosed:
Low
Weakness: Violation of Secure Design Principles
Bounty: $300.00