Skip to content

Latest commit

 

History

History
94 lines (90 loc) · 12.5 KB

TOPROCKSTARGAMES.md

File metadata and controls

94 lines (90 loc) · 12.5 KB
Raw

Back

Top reports from Rockstar Games program at HackerOne:

  1. The return of the < to Rockstar Games - 511 upvotes, $1000
  2. Account Takeover using Linked Accounts due to lack of CSRF protection to Rockstar Games - 224 upvotes, $1000
  3. Stealing Facebook OAuth Code Through Screenshot viewer to Rockstar Games - 185 upvotes, $750
  4. xss on https://www.rockstargames.com/GTAOnline/jp/screens/ to Rockstar Games - 150 upvotes, $750
  5. Unserialize leading to arbitrary PHP function invoke to Rockstar Games - 112 upvotes, $5000
  6. Stored XSS in Snapmatic + R★Editor comments to Rockstar Games - 107 upvotes, $1000
  7. Referer Leakage Vulnerability in socialclub.rockstargames.com/crew/ leads to FB'S OAuth token theft. to Rockstar Games - 101 upvotes, $750
  8. CSRF Vulnerability on https://signin.rockstargames.com/tpa/facebook/link/ to Rockstar Games - 96 upvotes, $1000
  9. Open redirect vulnerability to Rockstar Games - 80 upvotes, $250
  10. Blind SSRF in emblem editor (2) to Rockstar Games - 70 upvotes, $1500
  11. Facebook OAuth Code Theft through referer leakage on support.rockstargames.com to Rockstar Games - 65 upvotes, $750
  12. LFI and SSRF via XXE in emblem editor to Rockstar Games - 64 upvotes, $1500
  13. Unquoted Service Path in "Rockstar Game Library Service" to Rockstar Games - 60 upvotes, $750
  14. Stored XSS on support.rockstargames.com to Rockstar Games - 48 upvotes, $1000
  15. full path disclosure on www.rockstargames.com via apache filename brute forcing to Rockstar Games - 45 upvotes, $150
  16. SMB SSRF in emblem editor exposes taketwo domain credentials, may lead to RCE to Rockstar Games - 44 upvotes, $1500
  17. DOM based XSS on /GTAOnline/tw/starterpack/ to Rockstar Games - 44 upvotes, $750
  18. DOM XSS on https://www.rockstargames.com/GTAOnline/feedback to Rockstar Games - 43 upvotes, $1250
  19. Stored XSS in profile activity feed messages to Rockstar Games - 41 upvotes, $1000
  20. Bypass CAPTCHA protection to Rockstar Games - 38 upvotes, $500
  21. Smuggle SocialClub's Facebook OAuth Code via Referer Leakage to Rockstar Games - 35 upvotes, $750
  22. CSRF in 'set.php' via age causes stored XSS on 'get.php' - http://www.rockstargames.com/php/videoplayer_cache/get.php' to Rockstar Games - 34 upvotes, $750
  23. DOM Based xss on https://www.rockstargames.com/ ( 1 ) to Rockstar Games - 32 upvotes, $850
  24. Exploiting Misconfigured CORS to Steal User Information to Rockstar Games - 31 upvotes, $500
  25. Image Injection vulnerability on screenshot-viewer/responsive/image may allow Facebook OAuth token theft. to Rockstar Games - 30 upvotes, $500
  26. Stored XSS on profile page via Steam display name to Rockstar Games - 29 upvotes, $1250
  27. stored XSS (angular injection) in support.rockstargames.com using zendesk register form via name parameter to Rockstar Games - 29 upvotes, $1000
  28. XSS in http://www.rockstargames.com/theballadofgaytony/js/jquery.base.js to Rockstar Games - 28 upvotes, $1000
  29. CSRF Vulnerability allows attackers to steal SocialClub private token. to Rockstar Games - 27 upvotes, $600
  30. <- Critical IDOR vulnerability in socialclub allow to insert and delete comments as another user and it discloses sensitive information -> to Rockstar Games - 26 upvotes, $1400
  31. Stored XSS in snapmatic comments to Rockstar Games - 26 upvotes, $1000
  32. Image Injection/XSS vulnerability affecting https://www.rockstargames.com/newswire/article to Rockstar Games - 26 upvotes, $750
  33. DOM based reflected XSS in rockstargames.com/newswire/tags through cross domain ajax request to Rockstar Games - 26 upvotes, $500
  34. Stored XSS on member post feed to Rockstar Games - 25 upvotes, $1000
  35. CSRF Vulnerability on post creation page /community/create-post.json to Rockstar Games - 25 upvotes, $150
  36. Reflected XSS in /Videos/ via calling a callback http://www.rockstargames.com/videos/#/?lb= to Rockstar Games - 24 upvotes, $650
  37. Reflected XSS via #tags= while using a callback in newswire http://www.rockstargames.com/newswire to Rockstar Games - 24 upvotes, $500
  38. Reflected XSS via Double Encoding to Rockstar Games - 21 upvotes, $500
  39. Login form on non-HTTPS page to Rockstar Games - 20 upvotes, $350
  40. use of unsafe host header leads to open redirect to Rockstar Games - 20 upvotes, $300
  41. Stored XSS with CRLF injection via post message to user feed to Rockstar Games - 19 upvotes, $1000
  42. Information Disclosure in https://www.rockstargames.com/search to Rockstar Games - 18 upvotes, $250
  43. Reflected XSS in reddeadredemption Site located at www.rockstargames.com/reddeadredemption to Rockstar Games - 17 upvotes, $750
  44. Open redirect in https://www.rockstargames.com/GTAOnline/restricted-content/agegate/form may lead to Facebook OAuth token theft to Rockstar Games - 17 upvotes, $750
  45. Comments Denial of Service in socialclub.rockstargames.com to Rockstar Games - 17 upvotes, $500
  46. Race condition vulnerability on "This Rocks" button. to Rockstar Games - 17 upvotes, $250
  47. Table and Column Exposure to Rockstar Games - 17 upvotes, $150
  48. Stored XSS via Send crew invite to Rockstar Games - 16 upvotes, $1000
  49. Dom based xss on https://www.rockstargames.com/ via returnUrl parameter to Rockstar Games - 16 upvotes, $750
  50. [IMP] - Blind XSS in the admin panel for reviewing comments to Rockstar Games - 16 upvotes, $650
  51. Open redirect affecting m.rockstargames.com/ to Rockstar Games - 14 upvotes, $750
  52. Dom based xss on /reddeadredemption2/br/videos to Rockstar Games - 14 upvotes, $750
  53. SocialClub's Facebook OAuth Theft through Warehouse XSS. to Rockstar Games - 13 upvotes, $750
  54. Client-side Template Injection in Search, user email/token leak and maybe sandbox escape to Rockstar Games - 13 upvotes, $500
  55. Full path Disclosure in Rockstargames.com██████████ to Rockstar Games - 13 upvotes, $150
  56. DOM BASED XSS ON https://www.rockstargames.com/GTAOnline/features to Rockstar Games - 12 upvotes, $750
  57. Image Injection vulnerability in www.rockstargames.com/IV/screens/1280x720Image.html to Rockstar Games - 12 upvotes, $500
  58. Control Character Injection In Messages to Rockstar Games - 12 upvotes, $350
  59. Stored XSS on support.rockstargames.com to Rockstar Games - 11 upvotes, $1000
  60. Warehouse dom based xss may lead to Social Club Account Taker Over. to Rockstar Games - 11 upvotes, $750
  61. dom based xss in http://www.rockstargames.com/GTAOnline/ (Fix bypass) to Rockstar Games - 11 upvotes, $500
  62. Image Injection on www.rockstargames.com/screenshot-viewer/responsive/image may allow facebook oauth token theft. to Rockstar Games - 11 upvotes, $500
  63. Source Code Disclosure (CGI) to Rockstar Games - 11 upvotes, $150
  64. Leak IP internal to Rockstar Games - 11 upvotes, $150
  65. Your support community suffers from angularjs injection and must be fixed immediately [CRITICAL] to Rockstar Games - 10 upvotes, $500
  66. Flash injection vulnerability on /IV/imgPlayer/imageEmbed.swf to Rockstar Games - 10 upvotes, $500
  67. Found CSRF Vulnerability in https://support.rockstargames.com/ to Rockstar Games - 10 upvotes, $150
  68. csrf in https://www.rockstargames.com/reddeadonline/feedback/submit.json to Rockstar Games - 9 upvotes, $150
  69. dom based xss in https://www.rockstargames.com/GTAOnline/ to Rockstar Games - 8 upvotes, $500
  70. flash injection in http://www.rockstargames.com/IV/imgPlayer/imageEmbed.swf to Rockstar Games - 8 upvotes, $500
  71. Image Injection on /bully/anniversaryedition may lead to FB's OAuth Token Theft. to Rockstar Games - 7 upvotes, $500
  72. DOM based XSS on /GTAOnline/de/news/article via "returnUrl" parameter to Rockstar Games - 6 upvotes, $750
  73. Ability to post comments to a crew even after getting kicked out to Rockstar Games - 6 upvotes, $500
  74. image injection /screenshot-viewer/responsive/image (ANOTHER FIX BYPASS) to Rockstar Games - 6 upvotes, $500
  75. Profile bio at rockstar is accepting control characters to Rockstar Games - 6 upvotes, $350
  76. Control characters incorrectly handled on Crew Status Update to Rockstar Games - 6 upvotes, $250
  77. SSLv3 POODLE Vulnerability to Rockstar Games - 6 upvotes, $150
  78. insecure redirect in https://www.rockstargames.com to Rockstar Games - 6 upvotes, $0
  79. Dom based XSS on www.rockstargames.com/GTAOnline/features/freemode to Rockstar Games - 5 upvotes, $750
  80. Image Injection vulnerability affecting www.rockstargames.com/careers may lead to Facebook OAuth Theft to Rockstar Games - 5 upvotes, $500
  81. Image injection on /screenshot-viewer/responsive/image ( FIX BYPASS) to Rockstar Games - 5 upvotes, $500
  82. Referer Leakge in language changer may lead to FB token theft. to Rockstar Games - 4 upvotes, $500
  83. Image Injection on /bully/anniversaryedition may lead to OAuth token theft. to Rockstar Games - 4 upvotes, $500
  84. Referer Referer Header Leakage in language changer may lead to FB token theft to Rockstar Games - 3 upvotes, $500
  85. Image injection /br/games/info may lead to phishing attacks or FB OAuth theft. to Rockstar Games - 3 upvotes, $500
  86. Image Injection Vulnerability on /bully/screens to Rockstar Games - 3 upvotes, $500
  87. CSRF Vulnerabiliy on Facebook Linkage Page Allows Full Account takerover of Socialclub Accounts. to Rockstar Games - 2 upvotes, $550

Back