Image Injection vulnerability on screenshot-viewer/responsive/image may allow Facebook OAuth token theft.
Posted: Wed Feb 05, 2025 5:08 pm
In this report, the researcher identified a series of vulnerabilities that could be exploited together to exfiltrate sensitive user tokens. In this attack chain, one critical step was an image injection vulnerability in the Screenshot-Viewer function on the main site, at https://www.rockstargames.com/screensho ... sive/image. We resolved this vulnerability, thus preventing the attack and protecting user tokens.
https://hackerone.com/reports/655288
https://hackerone.com/reports/655288