Epic's Fortnite fail: Ancient UT2004 server used for login-stealing proof-of-concept

A tale of XSS, SQL injection and OAuth implementation
Crafty infosec bods exploited XSS vulns on dusty corners of Epic Games’ web infrastructure to steal Fortnite gamers’ login tokens and compromise their accounts – using a genuine Epic Games URL to phish their marks.…