Day 91/100 Hack and Improvement

Day 91 comes with some readings on Sam Curry’s find in starbucks.

Into Starbucks Database

From Sam (CoffeeJunkie). Reading this post from Sam Curry, It came pretty handy to see how path traversal vulnerabilities can come pretty handy these times. He found a call in the starbucks API which can retrieve the information of nearly 100 million users with the following path traversal attack.

GET /bff/proxy/stream/v1/users/me/streamItems/web\..\.\..\.\..\.\..\.\..\.\..\.\search\v1\Accounts\ HTTP/1.1
Host: app.starbucks.com

Where the path \search\v1\Accounts\ retrieve the information of the nearly 100 million users.

via GIPHY