This video is an explanation of a bug bounty report of a critical vulnerability submitted on HackerOne to the Starbucks bug bounty program. It was a secondary context path traversal in an application built on microservices, and it allowed access to almost 100 million customer records.

Original blogpost:
https://samcurry.net/hacking-starbucks/
Original report:
https://hackerone.com/reports/876295

Presentation about the topic:
Slides: https://docs.google.com/presentation/d/1N9Ygrpg0Z-1GFDhLMiG3jJV6B_yGqBk8tuRWO1ZicV8/edit
Video: https://www.youtube.com/watch?v=hWmXEAi9z5w

Sam Curry:
https://twitter.com/samwcyo
https://hackerone.com/zlz

Justin Gardner:
https://twitter.com/Rhynorater
https://hackerone.com/rhynorater

00:00 Intro
00:49 Microservice architecture
02:25 Identifying the vulnerability
03:52 Bypassing the WAF
04:42 Exploiting the vulnerability

#path #traversal #microservices #hackerone #starbucks #secondary #context
