Rockstar Games - HackerOne Reports
Total Reports: 104
Critical: 3
High: 18
Medium: 59
Low: 24

DOM Based xss on https://www.rockstargames.com/ ( 1 )
Reported by: netfuzzer | Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - DOM

Referer Leakage in language changer may lead to FB token theft.
Reported by: netfuzzer | Disclosed:
Severity: Medium
Weakness: Cross-Site Request Forgery (CSRF)

Image Injection vulnerability on screenshot-viewer/responsive/image may allow Facebook OAuth token theft.
Reported by: netfuzzer | Disclosed:
Severity: Medium
Weakness: Information Disclosure

Modifying Sprunk vs eCola crew data
Reported by: bugstar | Disclosed:
Severity: Low
Weakness: Insecure Direct Object Reference (IDOR)

Stored XSS on support.rockstargames.com
Reported by: 0x0luke | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored
Bounty: $1000.00

Blind SSRF in emblem editor (2)
Reported by: alexbirsan | Disclosed:
Severity: Medium
Weakness: Server-Side Request Forgery (SSRF)
Bounty: $1500.00

Dom based xss on /reddeadredemption2/br/videos
Reported by: netfuzzer | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - DOM

Flash injection vulnerability on /IV/imgPlayer/imageEmbed.swf
Reported by: netfuzzer | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Generic

Image Injection on /bully/anniversaryedition may lead to OAuth token theft.
Reported by: netfuzzer | Disclosed:
Severity: Medium
Weakness: Information Disclosure

phpinfo() on graph.rockstargames.com exposes sensitive information
Reported by: bugstar | Disclosed:
Severity: Low
Weakness: Information Disclosure

SMB SSRF in emblem editor exposes taketwo domain credentials, may lead to RCE
Reported by: alexbirsan | Disclosed:
Severity: High
Weakness: Server-Side Request Forgery (SSRF)
Bounty: $1500.00

Image Injection on `/bully/anniversaryedition` may lead to FB's OAuth Token Theft.
Reported by: netfuzzer | Disclosed:
Severity: Medium
Weakness: Information Disclosure

DOM BASED XSS ON https://www.rockstargames.com/GTAOnline/features
Reported by: netfuzzer | Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - DOM

Open redirect in https://www.rockstargames.com/GTAOnline/restricted-content/agegate/form may lead to Facebook OAuth token theft
Reported by: netfuzzer | Disclosed:
Severity: Low
Weakness: Open Redirect

[IMP] - Blind XSS in the admin panel for reviewing comments
Reported by: anshuman_bh | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Generic
Bounty: $650.00

Race condition vulnerability on "This Rocks" button.
Reported by: netfuzzer | Disclosed:
Severity: Medium
Weakness: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CSRF Vulnerability on https://signin.rockstargames.com/tpa/facebook/link/
Reported by: netfuzzer | Disclosed:
Severity: Medium
Weakness: Cross-Site Request Forgery (CSRF)

The return of the <
Reported by: alexbirsan | Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - Stored
Bounty: $1000.00

Exploiting Misconfigured CORS to Steal User Information
Reported by: 1hack0 | Disclosed:
Severity: High
Weakness: Information Disclosure
Bounty: $500.00

Stored XSS via Send crew invite
Reported by: fa1rlight | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored