📧 Subscribe to BBRE Premium: bbre.dev/premium
✉️ Sign up for the mailing list: bbre.dev/nl
📣 Follow me on Twitter: bbre.dev/tw
This video explains a bug bounty report of a critical vulnerability submitted on HackerOne to the Starbucks bug bounty program. It was a secondary context path traversal in an application built on microservices, and it allowed access to almost 100 million customer records.
Original blogpost:
samcurry.net/hacking-starbucks/
Original report:
hackerone.com/reports/876295
Presentation about the topic:
Slides: docs.google.com/presentation/...
Video: Attacking Secondary Co...
Sam Curry:
/ samwcyo
hackerone.com/zlz
Justin Gardner:
/ rhynorater
hackerone.com/rhynorater
00:00 Intro
00:49 Microservice architecture
02:25 Identifying the vulnerability
03:52 Bypassing WAF
04:42 Exploiting the vulnerability
#path #traversal #microservices #hackerone #starbucks #secondary #context