This video explains a bug bounty report of a critical vulnerability submitted on HackerOne to the Starbucks bug bounty program. It was a secondary context path traversal in an application that used microservices, and it allowed access to almost 100 million customer records.

Original blogpost:
Original report:

Presentation about the topic:

Sam Curry:

Justin Gardner:

00:00 Intro
00:49 Microservice architecture
02:25 Identifying the vulnerability
03:52 Bypassing WAF
04:42 Exploiting the vulnerability

#path #traversal #microservices #hackerone #starbucks #secondary #context
