4115 shaares
317 private links
/me : facepalm
XSS + JavaScript payload = bad news
In response, Epic Games’ server generates a response with no input validation and redirects the user to "ut2004stats.epicgames.com" with the XSS payload and the SSO token