
TOPROCKSTARGAMES.md


Top reports from Rockstar Games program at HackerOne:

  1. The return of the < to Rockstar Games - 533 upvotes, $1000
  2. Account Takeover using Linked Accounts due to lack of CSRF protection to Rockstar Games - 227 upvotes, $1000
  3. Stealing Facebook OAuth Code Through Screenshot viewer to Rockstar Games - 193 upvotes, $750
  4. XSS STORED AT socialclub.rockstargames.com (add friend request from profile attacker) to Rockstar Games - 184 upvotes, $750
  5. xss on https://www.rockstargames.com/GTAOnline/jp/screens/ to Rockstar Games - 153 upvotes, $750
  6. Unserialize leading to arbitrary PHP function invoke to Rockstar Games - 113 upvotes, $5000
  7. Stored XSS in Snapmatic + R★Editor comments to Rockstar Games - 111 upvotes, $1000
  8. SocialClub Account Take Over Through Import Friends feature to Rockstar Games - 106 upvotes, $1500
  9. Referer Leakage Vulnerability in socialclub.rockstargames.com/crew/ leads to FB'S OAuth token theft. to Rockstar Games - 106 upvotes, $750
  10. CSRF Vulnerability on https://signin.rockstargames.com/tpa/facebook/link/ to Rockstar Games - 98 upvotes, $1000
  11. Open redirect vulnerability to Rockstar Games - 80 upvotes, $250
  12. Blind SSRF in emblem editor (2) to Rockstar Games - 72 upvotes, $1500
  13. LFI and SSRF via XXE in emblem editor to Rockstar Games - 68 upvotes, $1500
  14. Cache Poisoning DoS on updates.rockstargames.com to Rockstar Games - 68 upvotes, $500
  15. Facebook OAuth Code Theft through referer leakage on support.rockstargames.com to Rockstar Games - 67 upvotes, $750
  16. Unquoted Service Path in "Rockstar Game Library Service" to Rockstar Games - 60 upvotes, $750
  17. Brute Force against VMware Horizon to Rockstar Games - 50 upvotes, $250
  18. Stored XSS on support.rockstargames.com to Rockstar Games - 49 upvotes, $1000
  19. full path disclosure on www.rockstargames.com via apache filename brute forcing to Rockstar Games - 47 upvotes, $150
  20. SMB SSRF in emblem editor exposes taketwo domain credentials, may lead to RCE to Rockstar Games - 46 upvotes, $1500
  21. DOM based XSS on /GTAOnline/tw/starterpack/ to Rockstar Games - 45 upvotes, $750
  22. DOM XSS on https://www.rockstargames.com/GTAOnline/feedback to Rockstar Games - 44 upvotes, $1250
  23. Bypass CAPTCHA protection to Rockstar Games - 42 upvotes, $500
  24. Stored XSS in profile activity feed messages to Rockstar Games - 41 upvotes, $1000
  25. CSRF in 'set.php' via age causes stored XSS on 'get.php' - http://www.rockstargames.com/php/videoplayer_cache/get.php' to Rockstar Games - 36 upvotes, $750
  26. Smuggle SocialClub's Facebook OAuth Code via Referer Leakage to Rockstar Games - 35 upvotes, $750
  27. DOM Based xss on https://www.rockstargames.com/ ( 1 ) to Rockstar Games - 33 upvotes, $850
  28. Social Club Account Takeover Via RGL And Steam/Epic Linked Account to Rockstar Games - 32 upvotes, $1000
  29. Image Injection vulnerability on screenshot-viewer/responsive/image may allow Facebook OAuth token theft. to Rockstar Games - 32 upvotes, $500
  30. Exploiting Misconfigured CORS to Steal User Information to Rockstar Games - 31 upvotes, $500
  31. Stored XSS on profile page via Steam display name to Rockstar Games - 29 upvotes, $1250
  32. stored XSS (angular injection) in support.rockstargames.com using zendesk register form via name parameter to Rockstar Games - 29 upvotes, $1000
  33. XSS in http://www.rockstargames.com/theballadofgaytony/js/jquery.base.js to Rockstar Games - 28 upvotes, $1000
  34. <- Critical IDOR vulnerability in socialclub allow to insert and delete comments as another user and it discloses sensitive information -> to Rockstar Games - 27 upvotes, $1400
  35. Stored XSS in snapmatic comments to Rockstar Games - 27 upvotes, $1000
  36. CSRF Vulnerability allows attackers to steal SocialClub private token. to Rockstar Games - 27 upvotes, $600
  37. Image Injection/XSS vulnerability affecting https://www.rockstargames.com/newswire/article to Rockstar Games - 26 upvotes, $750
  38. DOM based reflected XSS in rockstargames.com/newswire/tags through cross domain ajax request to Rockstar Games - 26 upvotes, $500
  39. Stored XSS on member post feed to Rockstar Games - 25 upvotes, $1000
  40. Reflected XSS in /Videos/ via calling a callback http://www.rockstargames.com/videos/#/?lb= to Rockstar Games - 25 upvotes, $650
  41. Reflected XSS via #tags= while using a callback in newswire http://www.rockstargames.com/newswire to Rockstar Games - 25 upvotes, $500
  42. CSRF Vulnerability on post creation page /community/create-post.json to Rockstar Games - 25 upvotes, $150
  43. Uninstalling Rockstar Games Launcher for Windows (64-bit), then reinstalling keeps you logged in without authentication to Rockstar Games - 23 upvotes, $250
  44. Open redirect on https://signin.rockstargames.com/connect/authorize/rsg to Rockstar Games - 23 upvotes, $150
  45. Reflected XSS via Double Encoding to Rockstar Games - 21 upvotes, $500
  46. Login form on non-HTTPS page to Rockstar Games - 21 upvotes, $350
  47. use of unsafe host header leads to open redirect to Rockstar Games - 20 upvotes, $300
  48. Information Disclosure in https://www.rockstargames.com/search to Rockstar Games - 20 upvotes, $250
  49. Stored XSS with CRLF injection via post message to user feed to Rockstar Games - 19 upvotes, $1000
  50. Open redirect in https://www.rockstargames.com/GTAOnline/restricted-content/agegate/form may lead to Facebook OAuth token theft to Rockstar Games - 19 upvotes, $750
  51. phpinfo() on graph.rockstargames.com exposes sensitive information to Rockstar Games - 19 upvotes, $500
  52. Comments Denial of Service in socialclub.rockstargames.com to Rockstar Games - 18 upvotes, $500
  53. Race condition vulnerability on "This Rocks" button. to Rockstar Games - 18 upvotes, $250
  54. Table and Column Exposure to Rockstar Games - 18 upvotes, $150
  55. Reflected XSS in reddeadredemption Site located at www.rockstargames.com/reddeadredemption to Rockstar Games - 17 upvotes, $750
  56. [IMP] - Blind XSS in the admin panel for reviewing comments to Rockstar Games - 17 upvotes, $650
  57. Stored XSS via Send crew invite to Rockstar Games - 16 upvotes, $1000
  58. Dom based xss on https://www.rockstargames.com/ via returnUrl parameter to Rockstar Games - 16 upvotes, $750
  59. Minor Account Privacy can Set to Everyone. to Rockstar Games - 16 upvotes, $150
  60. Open redirect affecting m.rockstargames.com/ to Rockstar Games - 15 upvotes, $750
  61. Dom based xss on /reddeadredemption2/br/videos to Rockstar Games - 14 upvotes, $750
  62. SocialClub's Facebook OAuth Theft through Warehouse XSS. to Rockstar Games - 13 upvotes, $750
  63. Client-side Template Injection in Search, user email/token leak and maybe sandbox escape to Rockstar Games - 13 upvotes, $500
  64. Control Character Injection In Messages to Rockstar Games - 13 upvotes, $350
  65. Full path Disclosure in Rockstargames.com██████████ to Rockstar Games - 13 upvotes, $150
  66. DOM BASED XSS ON https://www.rockstargames.com/GTAOnline/features to Rockstar Games - 12 upvotes, $750
  67. dom based xss in http://www.rockstargames.com/GTAOnline/ (Fix bypass) to Rockstar Games - 12 upvotes, $500
  68. Image Injection vulnerability in www.rockstargames.com/IV/screens/1280x720Image.html to Rockstar Games - 12 upvotes, $500
  69. Stored XSS on support.rockstargames.com to Rockstar Games - 11 upvotes, $1000
  70. Warehouse dom based xss may lead to Social Club Account Taker Over. to Rockstar Games - 11 upvotes, $750
  71. Image Injection on www.rockstargames.com/screenshot-viewer/responsive/image may allow facebook oauth token theft. to Rockstar Games - 11 upvotes, $500
  72. Source Code Disclosure (CGI) to Rockstar Games - 11 upvotes, $150
  73. Leak IP internal to Rockstar Games - 11 upvotes, $150
  74. Your support community suffers from angularjs injection and must be fixed immediately [CRITICAL] to Rockstar Games - 10 upvotes, $500
  75. Flash injection vulnerability on /IV/imgPlayer/imageEmbed.swf to Rockstar Games - 10 upvotes, $500
  76. Found CSRF Vulnerability in https://support.rockstargames.com/ to Rockstar Games - 10 upvotes, $150
  77. dom based xss in https://www.rockstargames.com/GTAOnline/ to Rockstar Games - 9 upvotes, $500
  78. RDR2 game service method allows adding any player to a new Posse without consent to Rockstar Games - 9 upvotes, $500
  79. csrf in https://www.rockstargames.com/reddeadonline/feedback/submit.json to Rockstar Games - 9 upvotes, $150
  80. flash injection in http://www.rockstargames.com/IV/imgPlayer/imageEmbed.swf to Rockstar Games - 8 upvotes, $500
  81. Image Injection on /bully/anniversaryedition may lead to FB's OAuth Token Theft. to Rockstar Games - 8 upvotes, $500
  82. Profile bio at rockstar is accepting control characters to Rockstar Games - 7 upvotes, $350
  83. DOM based XSS on /GTAOnline/de/news/article via "returnUrl" parameter to Rockstar Games - 6 upvotes, $750
  84. Ability to post comments to a crew even after getting kicked out to Rockstar Games - 6 upvotes, $500
  85. image injection /screenshot-viewer/responsive/image (ANOTHER FIX BYPASS) to Rockstar Games - 6 upvotes, $500
  86. Control characters incorrectly handled on Crew Status Update to Rockstar Games - 6 upvotes, $250
  87. SSLv3 POODLE Vulnerability to Rockstar Games - 6 upvotes, $150
  88. insecure redirect in https://www.rockstargames.com to Rockstar Games - 6 upvotes, $0
  89. Dom based XSS on www.rockstargames.com/GTAOnline/features/freemode to Rockstar Games - 5 upvotes, $750
  90. Image Injection vulnerability affecting www.rockstargames.com/careers may lead to Facebook OAuth Theft to Rockstar Games - 5 upvotes, $500
  91. Referer Leakge in language changer may lead to FB token theft. to Rockstar Games - 5 upvotes, $500
  92. Image injection on /screenshot-viewer/responsive/image ( FIX BYPASS) to Rockstar Games - 5 upvotes, $500
  93. Modifying Sprunk vs eCola crew data to Rockstar Games - 5 upvotes, $250
  94. Image Injection on /bully/anniversaryedition may lead to OAuth token theft. to Rockstar Games - 4 upvotes, $500
  95. Referer Referer Header Leakage in language changer may lead to FB token theft to Rockstar Games - 3 upvotes, $500
  96. Image injection /br/games/info may lead to phishing attacks or FB OAuth theft. to Rockstar Games - 3 upvotes, $500
  97. Image Injection Vulnerability on /bully/screens to Rockstar Games - 3 upvotes, $500
  98. CSRF Vulnerabiliy on Facebook Linkage Page Allows Full Account takerover of Socialclub Accounts. to Rockstar Games - 2 upvotes, $550