A security researcher has found a possible remote code execution (RCE) vulnerability in one of Starbucks' mobile domains, which has now been patched.
As many other large companies do, the US coffee giant has a bug bounty program on HackerOne, and it was there that Kamil "ko2sec" Onur Özkaleli submitted a vulnerability report back in November that was recently made public.
According to the advisory, ko2sec found an .ashx endpoint designed for handling image files on a platform for Starbucks customers in Singapore, on the website mobile.starbucks.com.sg. While the endpoint was intended for image files, it did not restrict the type of file uploaded, so an attacker could potentially exploit this to upload malicious files instead and remotely execute arbitrary code.
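As an added defensive illustration (not code from Starbucks or the HackerOne report, whose handler is not public), the following Python sketch shows the kind of server-side check an image-upload endpoint needs: an extension allowlist, a magic-byte check against the declared image type, a size cap, and a server-chosen storage name. The signature table, size limit and function names are assumptions for this example, not details from the page.

```python
import os
import secrets
from typing import Tuple

# Constructed allowlist: permitted extension -> leading bytes an image of that
# type must start with. Anything else (e.g. a server-side script) is refused.
IMAGE_SIGNATURES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
MAX_UPLOAD_BYTES = 5 * 1024 * 1024  # assumed limit for this example


def validate_image_upload(filename: str, data: bytes) -> Tuple[bool, str]:
    """Return (accepted, reason).

    Trusts neither the client-supplied file name nor its Content-Type header:
    the extension must be on the image allowlist AND the body must begin with
    the magic bytes for that type, so a script renamed to .jpg is rejected.
    """
    if not data:
        return False, "empty upload"
    if len(data) > MAX_UPLOAD_BYTES:
        return False, "file too large"
    # basename() strips any directory components an attacker may have supplied
    ext = os.path.splitext(os.path.basename(filename))[1].lower()
    if ext not in IMAGE_SIGNATURES:
        return False, f"extension {ext or '(none)'} not allowed"
    if not any(data.startswith(sig) for sig in IMAGE_SIGNATURES[ext]):
        return False, "content does not match declared image type"
    return True, "ok"


def storage_name(filename: str) -> str:
    """Server-chosen name for an already-validated upload: a random token plus
    the validated extension, so the attacker-controlled name never reaches the
    filesystem. Store the file outside the web root and never execute it."""
    ext = os.path.splitext(os.path.basename(filename))[1].lower()
    return secrets.token_hex(16) + ext
```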
Starbucks has not made the full details of the bug bounty report public, but it did note that ko2sec's analysis revealed "additional endpoints on other out of scope domains that shared this vulnerability".
Starbucks bug bounty program
While a CVE has not been issued for this critical vulnerability, a severity score of 9.8 was added to the report and ko2sec received $5,600 for his work.
However, this is not the first vulnerability that ko2sec has found in Starbucks Singapore's website. Back in October, he found an account takeover exploit in the company's website caused by open test environments. This bug could be exploited to target users by their email addresses, view their personal information and use any credit loaded in their account wallets to make purchases.
Ko2sec received $6,000 for his work on that report. Since launching its bug bounty program on HackerOne back in 2016, Starbucks has received 1,068 vulnerability reports on the platform and paid out $640,000 in bounties to security researchers.