
$4,000 Starbucks secondary context path traversal - Hackerone

16,053 views

Bug Bounty Reports Explained

1 day ago

📧 Subscribe to BBRE Premium: bbre.dev/premium
✉️ Sign up for the mailing list: bbre.dev/nl
📣 Follow me on Twitter: bbre.dev/tw
This video is an explanation of a bug bounty report of a critical vulnerability submitted on Hackerone to the Starbucks bug bounty program. It was a secondary context path traversal in an application built on microservices, and it allowed access to almost 100 million customer records.
Original blogpost:
samcurry.net/hacking-starbucks/
Original report:
hackerone.com/reports/876295
Presentation about the topic:
Slides: docs.google.com/presentation/...
Video: • Attacking Secondary Co...
Sam Curry:
/ samwcyo
hackerone.com/zlz
Justin Gardner:
/ rhynorater
hackerone.com/rhynorater
00:00 Intro
00:49 Microservice architecture
02:25 Identifying the vulnerability
03:52 Bypassing WAF
04:42 Exploiting the vulnerability
#path #traversal #microservices #hackerone #starbucks #secondary #context

Comments: 63
@BugBountyReportsExplained 3 years ago
Welcome to the comment section! First, thanks for watching! Make sure you are subscribed if you liked the video! kzbin.info Follow me on twitter: twitter.com/gregxsunday ✉️ Sign up for the mailing list ✉️ mailing.bugbountyexplained.com/ ☕️ Support my channel ☕️ www.buymeacoffee.com/bountyexplained 🖥 Get $100 in credits for Digital Ocean 🖥 m.do.co/c/cc700f81d215
@drset 3 years ago
Excellent explanation, I had read this report when it came out, but you helped me understand it better. Thanks!
@BugBountyReportsExplained 3 years ago
👌👌👌
@gajendraupadhyay6740 2 years ago
Thanks bro... Your way of explaining bounty reports is extremely understandable... keep it up...
@InfiniteLogins 3 years ago
It's very cool to see you break these down. As somebody who has experience in network pentesting but is new to webapps/bug bounties, these explanations make it easier for me to realize how possible it is to actually be successful in that space. It also gives me ideas on what to look for. Thank you man, I hope great success for you and your channel.
@BugBountyReportsExplained 3 years ago
it's awesome to hear those words!!
@saurabh5392 3 years ago
You earned a sub today man. Great work and content! 👍👍 Thank you for your efforts 😎
@BugBountyReportsExplained 3 years ago
thanks man😎
@DevilAlpacca 3 years ago
I love your channel! Please keep it up! Keep em coming!
@BugBountyReportsExplained 3 years ago
thanks👌 i will
@dombruise9716 3 years ago
Very clean and detailed. Liked and subscribed!
@BugBountyReportsExplained 3 years ago
welcome!
@avisawade6190 3 years ago
Thank you buddy, awesome explanation, keep it up
@BugBountyReportsExplained 3 years ago
thanks😊😊
@cybersec9111 a year ago
Amazing video, keep doing these!
@zombie9503 3 years ago
Love the content, thanks man
@BugBountyReportsExplained 3 years ago
😊😊
@robot67799 2 years ago
I indeed learned something new from this video, thanks for sharing ❤️
@charvi444 3 years ago
Such a great video man
@0xfsec 3 years ago
Wow.. what an awesome explanation man.. Please upload more videos like this..
@BugBountyReportsExplained 3 years ago
thank you👌👌
@aorsec8084 3 years ago
Amazing content bro, keep it up!
@BugBountyReportsExplained 3 years ago
👌👌
@ca7986 3 years ago
❤️ you are doing an amazing job!
@BugBountyReportsExplained 3 years ago
thank you!
@dhruvkandpal9909 3 years ago
Excellent explanation!
@BugBountyReportsExplained 3 years ago
😊
@skwtf 3 years ago
Thank you! A question: why backslash (\) for traversing, instead of forward slash (/)? Because it's IIS? Did he fingerprint the server type?
@BugBountyReportsExplained 3 years ago
Forward slash could be interpreted by the front-end server as the end of the parameter. URL encoding could still be decoded and, in turn, double encoding might not have been decoded by the back-end. Thus, backslash is something that was not interpreted as the end of the URL parameter and at the same time was interpreted as the path separator by the back-end. That's my guess. Good question, thanks!
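The mismatch the reply above describes, modelled in Python as an added example (this is not code from the video, the HackerOne report or the researchers): a front-end that routes on "/" and hands the last segment to a back-end, a back-end that percent-decodes once and normalizes the path, and the gateway-side allow-list check that makes the back-end's separator semantics irrelevant. The route, the "/users" base path and the identifier format are assumptions chosen for the illustration.

```python
import ntpath
import posixpath
import re
from urllib.parse import unquote

# Hypothetical route and base path; constructed for this illustration only.


def frontend_extract_param(request_path: str) -> str:
    """Model of a front-end/gateway that routes on '/' and treats the final
    segment as the user-id parameter. A '/' inside the parameter is consumed
    as a path separator here, before anything is forwarded."""
    return request_path.rsplit("/", 1)[-1]


def backend_resolve(base: str, param: str, path_style: str) -> str:
    """Model of a back-end building an internal path from the forwarded
    parameter: one percent-decode, then normalization. With 'windows'
    semantics a backslash is a separator, so '..\\' climbs out of the base;
    with 'posix' semantics it is a literal character inside the last segment."""
    joined = f"{base}/{unquote(param)}"
    if path_style == "windows":
        return ntpath.normpath(joined).replace("\\", "/")
    return posixpath.normpath(joined)


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing, so a double-encoded
    value is judged by what the last hop in the chain would see."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


# Assumed identifier format: plain alphanumeric ids up to 64 characters.
ID_PATTERN = re.compile(r"[A-Za-z0-9_-]{1,64}")


def is_safe_id(param: str) -> bool:
    """Gateway-side allow-list: accept only a plain identifier once fully
    decoded. This rejects '/', '\\', '..' and their single- or double-encoded
    forms alike, whatever path semantics the back-end uses."""
    return ID_PATTERN.fullmatch(fully_decode(param)) is not None


if __name__ == "__main__":
    # Constructed samples: the forward-slash form is eaten by the front-end,
    # the backslash form is forwarded intact, and only the Windows-style
    # back-end treats it as a separator.
    print(frontend_extract_param("/bff/proxy/get-user/../admin"))       # admin
    print(frontend_extract_param("/bff/proxy/get-user/..\\..\\admin"))  # ..\..\admin
    print(backend_resolve("/users", "..\\..\\admin", "windows"))        # /admin
    print(backend_resolve("/users", "..\\..\\admin", "posix"))          # /users/..\..\admin
    print(is_safe_id("12345"))                                          # True
    print(is_safe_id("..%5c..%5cadmin"))                                # False
    print(is_safe_id("%252e%252e%255c"))                                # False
```

The point of the model is that the two hops disagree about what a separator is; the allow-list check resolves that by validating the parameter in its fully decoded form at the gateway rather than relying on any single hop's normalization.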
@dennismunyaka6537 2 years ago
very informative and well explicated.
@BugBountyReportsExplained 2 years ago
Glad it was helpful!
@RishabhMishraIndia 3 years ago
Please keep it up! 🔥
@BugBountyReportsExplained 3 years ago
i will👌
@bonniedean9495 3 years ago
Isn't $4,000 a very low amount? I'm sure the researchers could sell the exploit for way more on the black market.
@Kay5322s 3 years ago
Of course this vuln gotta earn 15-20k
@BugBountyReportsExplained 3 years ago
yeah, I'm slightly worried that some hunters will start selling those vulns on the black market for much bigger rewards. At least it would probably motivate bug bounty programs to start paying out comparable amounts.
@VM-mo9ku 3 years ago
yeah man, Starbucks should be ashamed of themselves for this reward...
@toolshack21 3 years ago
thank you man
@BugBountyReportsExplained 3 years ago
👌👌
@verenasantos444 3 years ago
Thank you so much. Where is the video about the Shopify account takeover?
@BugBountyReportsExplained 3 years ago
here it is m.kzbin.info/www/bejne/kHfWpWZjp5Jsgsk
@AmanSingh-zo6pn 3 years ago
what is the payload?
@mr_ehmed 3 years ago
keep doing..
@BugBountyReportsExplained 3 years ago
thank you
@preetham3151 3 years ago
Excellent
@BugBountyReportsExplained 3 years ago
😊
@nikitabohuslavskii3651 3 months ago
Great
@SaRa-kj9ff a year ago
Hi, how to earn money? Please guide me, I don't know how to start
@akhilvarmahero 3 years ago
where is the poc video
@BugBountyReportsExplained 3 years ago
you have to find it
@hdphoenix29 3 years ago
your 6-minute videos teach us a book. Thanks man
@katjastrand3955 3 years ago
read better books
@hdphoenix29 3 years ago
@katjastrand3955 :)) read some literature
@BugBountyReportsExplained 3 years ago
😊
@unbalancedbinarytree2194 3 years ago
First comment, first view, first like. Where's my trophy?
@BugBountyReportsExplained 3 years ago
thanks bro! here's my first reply 😂
@sontapaa11jokulainen94 3 years ago
And only $4,000???????? Fuck Starbucks.
@BugBountyReportsExplained 3 years ago
yeah, they need to consider changing their max payout considering how much customer data they process
@sontapaa11jokulainen94 3 years ago
@BugBountyReportsExplained btw I subbed :)
@BugBountyReportsExplained 3 years ago
@sontapaa11jokulainen94 thank you ;)
@slavatar1337 a year ago
$4,000 is not enough for this vulnerability lol. You could get 4-5 times more on the black side. bug bounty sucks
@user-wd3iz3se5i 4 months ago
who is here from the web security course?
@BugBountyReportsExplained 4 months ago
which one?