$4,000 Starbucks secondary context path traversal – HackerOne
Original blog post:
https://samcurry.net/hacking-starbucks/
Original report:
https://hackerone.com/reports/876295
Presentation about the topic:
Slides: https://docs.google.com/presentation/d/1N9Ygrpg0Z-1GFDhLMiG3jJV6B_yGqBk8tuRWO1ZicV8/edit
Video: https://www.youtube.com/watch?v=hWmXEAi9z5w
Sam Curry:
https://twitter.com/samwcyo
https://hackerone.com/zlz
Justin Gardner:
https://twitter.com/Rhynorater
https://hackerone.com/rhynorater
00:00 Intro
00:49 Microservice architecture
02:25 Identifying the vulnerability
03:52 Bypassing WAF
04:42 Exploiting the vulnerability
#path #traversal #microservices #hackerone #starbucks #secondary #context