CSRF Vulnerability allows attackers to steal SocialClub private token.
High
Rockstar Games
Team Summary
Official summary from Rockstar Games
The researcher was able to combine a Flash exploit with a CSRF vulnerability in order to obtain sensitive user tokens from https://socialclub.rockstargames.com/profileedit/GetTokens. This page is ordinarily only called in a secure fashion such that an attacker is unable to see another user's tokens, but in conjunction with a secondary Flash-based XSS vulnerability, the researcher was able to bypass this protection. With the researcher's help we were able to resolve this vulnerability.
Reported by: netfuzzer
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Weakness: Cross-Site Request Forgery (CSRF)