Skip to content

Latest commit

 

History

History
99 lines (95 loc) · 13.2 KB

TOPROCKSTARGAMES.md

File metadata and controls

99 lines (95 loc) · 13.2 KB

Back

Top reports from Rockstar Games program at HackerOne:

  1. The return of the < to Rockstar Games - 518 upvotes, $1000
  2. Account Takeover using Linked Accounts due to lack of CSRF protection to Rockstar Games - 226 upvotes, $1000
  3. Stealing Facebook OAuth Code Through Screenshot viewer to Rockstar Games - 186 upvotes, $750
  4. xss on https://www.rockstargames.com/GTAOnline/jp/screens/ to Rockstar Games - 150 upvotes, $750
  5. Unserialize leading to arbitrary PHP function invoke to Rockstar Games - 112 upvotes, $5000
  6. Stored XSS in Snapmatic + R★Editor comments to Rockstar Games - 110 upvotes, $1000
  7. Referer Leakage Vulnerability in socialclub.rockstargames.com/crew/ leads to FB'S OAuth token theft. to Rockstar Games - 103 upvotes, $750
  8. CSRF Vulnerability on https://signin.rockstargames.com/tpa/facebook/link/ to Rockstar Games - 96 upvotes, $1000
  9. SocialClub Account Take Over Through Import Friends feature to Rockstar Games - 80 upvotes, $1500
  10. Open redirect vulnerability to Rockstar Games - 80 upvotes, $250
  11. Blind SSRF in emblem editor (2) to Rockstar Games - 71 upvotes, $1500
  12. LFI and SSRF via XXE in emblem editor to Rockstar Games - 67 upvotes, $1500
  13. Facebook OAuth Code Theft through referer leakage on support.rockstargames.com to Rockstar Games - 66 upvotes, $750
  14. Unquoted Service Path in "Rockstar Game Library Service" to Rockstar Games - 60 upvotes, $750
  15. Stored XSS on support.rockstargames.com to Rockstar Games - 48 upvotes, $1000
  16. SMB SSRF in emblem editor exposes taketwo domain credentials, may lead to RCE to Rockstar Games - 45 upvotes, $1500
  17. full path disclosure on www.rockstargames.com via apache filename brute forcing to Rockstar Games - 45 upvotes, $150
  18. DOM based XSS on /GTAOnline/tw/starterpack/ to Rockstar Games - 44 upvotes, $750
  19. DOM XSS on https://www.rockstargames.com/GTAOnline/feedback to Rockstar Games - 43 upvotes, $1250
  20. Stored XSS in profile activity feed messages to Rockstar Games - 41 upvotes, $1000
  21. Bypass CAPTCHA protection to Rockstar Games - 39 upvotes, $500
  22. Smuggle SocialClub's Facebook OAuth Code via Referer Leakage to Rockstar Games - 35 upvotes, $750
  23. CSRF in 'set.php' via age causes stored XSS on 'get.php' - http://www.rockstargames.com/php/videoplayer_cache/get.php' to Rockstar Games - 34 upvotes, $750
  24. DOM Based xss on https://www.rockstargames.com/ ( 1 ) to Rockstar Games - 32 upvotes, $850
  25. Exploiting Misconfigured CORS to Steal User Information to Rockstar Games - 31 upvotes, $500
  26. Image Injection vulnerability on screenshot-viewer/responsive/image may allow Facebook OAuth token theft. to Rockstar Games - 31 upvotes, $500
  27. Stored XSS on profile page via Steam display name to Rockstar Games - 29 upvotes, $1250
  28. stored XSS (angular injection) in support.rockstargames.com using zendesk register form via name parameter to Rockstar Games - 29 upvotes, $1000
  29. XSS in http://www.rockstargames.com/theballadofgaytony/js/jquery.base.js to Rockstar Games - 28 upvotes, $1000
  30. <- Critical IDOR vulnerability in socialclub allow to insert and delete comments as another user and it discloses sensitive information -> to Rockstar Games - 27 upvotes, $1400
  31. CSRF Vulnerability allows attackers to steal SocialClub private token. to Rockstar Games - 27 upvotes, $600
  32. Stored XSS in snapmatic comments to Rockstar Games - 26 upvotes, $1000
  33. Image Injection/XSS vulnerability affecting https://www.rockstargames.com/newswire/article to Rockstar Games - 26 upvotes, $750
  34. DOM based reflected XSS in rockstargames.com/newswire/tags through cross domain ajax request to Rockstar Games - 26 upvotes, $500
  35. Stored XSS on member post feed to Rockstar Games - 25 upvotes, $1000
  36. CSRF Vulnerability on post creation page /community/create-post.json to Rockstar Games - 25 upvotes, $150
  37. Reflected XSS in /Videos/ via calling a callback http://www.rockstargames.com/videos/#/?lb= to Rockstar Games - 24 upvotes, $650
  38. Reflected XSS via #tags= while using a callback in newswire http://www.rockstargames.com/newswire to Rockstar Games - 24 upvotes, $500
  39. Reflected XSS via Double Encoding to Rockstar Games - 21 upvotes, $500
  40. Login form on non-HTTPS page to Rockstar Games - 20 upvotes, $350
  41. use of unsafe host header leads to open redirect to Rockstar Games - 20 upvotes, $300
  42. Open redirect on https://signin.rockstargames.com/connect/authorize/rsg to Rockstar Games - 20 upvotes, $150
  43. Stored XSS with CRLF injection via post message to user feed to Rockstar Games - 19 upvotes, $1000
  44. Information Disclosure in https://www.rockstargames.com/search to Rockstar Games - 19 upvotes, $250
  45. Open redirect in https://www.rockstargames.com/GTAOnline/restricted-content/agegate/form may lead to Facebook OAuth token theft to Rockstar Games - 18 upvotes, $750
  46. Reflected XSS in reddeadredemption Site located at www.rockstargames.com/reddeadredemption to Rockstar Games - 17 upvotes, $750
  47. Comments Denial of Service in socialclub.rockstargames.com to Rockstar Games - 17 upvotes, $500
  48. phpinfo() on graph.rockstargames.com exposes sensitive information to Rockstar Games - 17 upvotes, $500
  49. Race condition vulnerability on "This Rocks" button. to Rockstar Games - 17 upvotes, $250
  50. Table and Column Exposure to Rockstar Games - 17 upvotes, $150
  51. Stored XSS via Send crew invite to Rockstar Games - 16 upvotes, $1000
  52. Dom based xss on https://www.rockstargames.com/ via returnUrl parameter to Rockstar Games - 16 upvotes, $750
  53. [IMP] - Blind XSS in the admin panel for reviewing comments to Rockstar Games - 16 upvotes, $650
  54. Minor Account Privacy can Set to Everyone. to Rockstar Games - 15 upvotes, $150
  55. Open redirect affecting m.rockstargames.com/ to Rockstar Games - 14 upvotes, $750
  56. Dom based xss on /reddeadredemption2/br/videos to Rockstar Games - 14 upvotes, $750
  57. SocialClub's Facebook OAuth Theft through Warehouse XSS. to Rockstar Games - 13 upvotes, $750
  58. Client-side Template Injection in Search, user email/token leak and maybe sandbox escape to Rockstar Games - 13 upvotes, $500
  59. Full path Disclosure in Rockstargames.com██████████ to Rockstar Games - 13 upvotes, $150
  60. DOM BASED XSS ON https://www.rockstargames.com/GTAOnline/features to Rockstar Games - 12 upvotes, $750
  61. Image Injection vulnerability in www.rockstargames.com/IV/screens/1280x720Image.html to Rockstar Games - 12 upvotes, $500
  62. Control Character Injection In Messages to Rockstar Games - 12 upvotes, $350
  63. Stored XSS on support.rockstargames.com to Rockstar Games - 11 upvotes, $1000
  64. Warehouse dom based xss may lead to Social Club Account Taker Over. to Rockstar Games - 11 upvotes, $750
  65. dom based xss in http://www.rockstargames.com/GTAOnline/ (Fix bypass) to Rockstar Games - 11 upvotes, $500
  66. Image Injection on www.rockstargames.com/screenshot-viewer/responsive/image may allow facebook oauth token theft. to Rockstar Games - 11 upvotes, $500
  67. Source Code Disclosure (CGI) to Rockstar Games - 11 upvotes, $150
  68. Leak IP internal to Rockstar Games - 11 upvotes, $150
  69. Your support community suffers from angularjs injection and must be fixed immediately [CRITICAL] to Rockstar Games - 10 upvotes, $500
  70. Flash injection vulnerability on /IV/imgPlayer/imageEmbed.swf to Rockstar Games - 10 upvotes, $500
  71. Found CSRF Vulnerability in https://support.rockstargames.com/ to Rockstar Games - 10 upvotes, $150
  72. csrf in https://www.rockstargames.com/reddeadonline/feedback/submit.json to Rockstar Games - 9 upvotes, $150
  73. dom based xss in https://www.rockstargames.com/GTAOnline/ to Rockstar Games - 8 upvotes, $500
  74. flash injection in http://www.rockstargames.com/IV/imgPlayer/imageEmbed.swf to Rockstar Games - 8 upvotes, $500
  75. Image Injection on /bully/anniversaryedition may lead to FB's OAuth Token Theft. to Rockstar Games - 8 upvotes, $500
  76. RDR2 game service method allows adding any player to a new Posse without consent to Rockstar Games - 8 upvotes, $500
  77. DOM based XSS on /GTAOnline/de/news/article via "returnUrl" parameter to Rockstar Games - 6 upvotes, $750
  78. Ability to post comments to a crew even after getting kicked out to Rockstar Games - 6 upvotes, $500
  79. image injection /screenshot-viewer/responsive/image (ANOTHER FIX BYPASS) to Rockstar Games - 6 upvotes, $500
  80. Profile bio at rockstar is accepting control characters to Rockstar Games - 6 upvotes, $350
  81. Control characters incorrectly handled on Crew Status Update to Rockstar Games - 6 upvotes, $250
  82. SSLv3 POODLE Vulnerability to Rockstar Games - 6 upvotes, $150
  83. insecure redirect in https://www.rockstargames.com to Rockstar Games - 6 upvotes, $0
  84. Dom based XSS on www.rockstargames.com/GTAOnline/features/freemode to Rockstar Games - 5 upvotes, $750
  85. Image Injection vulnerability affecting www.rockstargames.com/careers may lead to Facebook OAuth Theft to Rockstar Games - 5 upvotes, $500
  86. Referer Leakge in language changer may lead to FB token theft. to Rockstar Games - 5 upvotes, $500
  87. Image injection on /screenshot-viewer/responsive/image ( FIX BYPASS) to Rockstar Games - 5 upvotes, $500
  88. Image Injection on /bully/anniversaryedition may lead to OAuth token theft. to Rockstar Games - 4 upvotes, $500
  89. Referer Referer Header Leakage in language changer may lead to FB token theft to Rockstar Games - 3 upvotes, $500
  90. Image injection /br/games/info may lead to phishing attacks or FB OAuth theft. to Rockstar Games - 3 upvotes, $500
  91. Image Injection Vulnerability on /bully/screens to Rockstar Games - 3 upvotes, $500
  92. CSRF Vulnerabiliy on Facebook Linkage Page Allows Full Account takerover of Socialclub Accounts. to Rockstar Games - 2 upvotes, $550

Back