This video explains a bug bounty report of a critical vulnerability submitted on HackerOne to the Starbucks bug bounty program. It was a secondary context path traversal in an application that used microservices, and it allowed access to almost 100 million customer records.
Original blogpost:
https://samcurry.net/hacking-starbucks/
Original report:
https://hackerone.com/reports/876295
Presentation about the topic:
Slides: https://docs.google.com/presentation/d/1N9Ygrpg0Z-1GFDhLMiG3jJV6B_yGqBk8tuRWO1ZicV8/edit
Video: https://www.youtube.com/watch?v=hWmXEAi9z5w
Sam Curry:
https://twitter.com/samwcyo
https://hackerone.com/zlz
Justin Gardner:
https://twitter.com/Rhynorater
https://hackerone.com/rhynorater
00:00 Intro
00:49 Microservice architecture
02:25 Identifying the vulnerability
03:52 Bypassing WAF
04:42 Exploiting the vulnerability
#path #traversal #microservices #hackerone #starbucks #secondary #context
