
Analysis of the Starbucks customer data exposure vulnerability reported on HackerOne

2025-04-01 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 05/31 Report

This issue walks through the Starbucks customer data exposure vulnerability reported through HackerOne, following the researcher's steps from a practitioner's point of view.

Content introduction

One dreary summer afternoon, Sam Curry had spent most of a day on Verizon Media's bug bounty program without finding anything, so he decided to set it aside and do something else. A friend's birthday was coming up, so he went to the Starbucks website to buy her a present.

While browsing the Starbucks site, Sam noticed a large number of API calls and could not resist poking at them, which turned up the first clue. Under the `/bff/proxy/` API on the Starbucks site, he first found that `/bff/proxy/orchestra/get-user` returned his own registration details. He then ran a wordlist against `/bff/proxy/orchestra/get-user/../`, but every request came back 404. That at least showed that the proxy was forwarding requests to a backend server; what remained was to find a path that reached something useful.

Sam then looked for an endpoint that took user input as part of the path, and found:

/bff/proxy/stream/v1/me/streamItems/:streamItemId

Testing a traversal payload against it:

/bff/proxy/stream/v1/users/me/streamItems/..\..\

This time the server answered 403 instead of 404: the request was getting closer, but a WAF was matching the `..\..\` pattern. Inserting an extra `.\` between the dot-dot segments (the form `web\..\.\..\`) slipped past the WAF's URL rule, and the backend now answered 400, meaning the traversal was reaching it and only the target path was wrong. Finally, working with his friend Justin, he found a path that reached 99,356,059 customer records:

/bff/proxy/stream/v1/users/me/streamItems/web\..\.\..\Search\v1\Accounts\

Records for nearly 100 million Starbucks customers were reachable from an unauthenticated-looking front-end proxy path.
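To make the mechanics concrete, the following is an added Python example (not code from Starbucks, Sam Curry or HackerOne) that models the three components involved: a BFF proxy that concatenates the `:streamItemId` path parameter straight into an upstream path, a WAF rule that blocks only the obvious `../` and `..\..\` tokens, and an upstream that treats backslash as a path separator and collapses dot segments. The upstream prefix `/stream/v1/users/me/streamItems/`, the WAF rule and the upstream's normalization behaviour are assumptions made for the illustration; the page does not describe Starbucks' internal routing. A hardened proxy beside the vulnerable one shows the check that stops the traversal: normalize first, then verify the resolved path is still under the allowed prefix.

```python
"""Model of a BFF proxy with a naive WAF in front of a backslash-normalizing upstream.

Hypothetical code written for this article; it is not Starbucks' proxy, WAF or
backend. The prefix, WAF rule and normalization rules are assumptions.
"""
import posixpath
from urllib.parse import quote

# Assumed internal route the proxy forwards stream-item requests to.
STREAM_PREFIX = "/stream/v1/users/me/streamItems/"


def waf_check(raw_path: str) -> bool:
    """Toy WAF rule that only looks for the obvious traversal tokens.

    Returns True when the request is allowed through. Note that "..\\.\\..\\"
    contains neither token, which is the gap the write-up describes.
    """
    blocked = ("../", "..\\..\\")
    return not any(token in raw_path for token in blocked)


def upstream_resolve(path: str) -> str:
    """Model of an upstream that treats '\\' as '/' and collapses '.' and '..'.

    This mirrors the behaviour the traversal relied on (assumed here).
    """
    return posixpath.normpath(path.replace("\\", "/"))


def vulnerable_proxy(stream_item_id: str):
    """Forward the user-supplied id by string concatenation; returns (status, upstream_path)."""
    raw = STREAM_PREFIX + stream_item_id  # user input spliced straight into the path
    if not waf_check(raw):
        return 403, None  # the WAF's response to the plain ..\..\ payload
    return 200, upstream_resolve(raw)


def hardened_proxy(stream_item_id: str):
    """Same forwarding, with the checks the vulnerable version lacks.

    1. The parameter must be a single path segment (no '/' or '\\', not '.'/'..').
    2. It is percent-encoded so no separator can be smuggled to the upstream.
    3. The resolved upstream path must still sit under the allowed prefix.
    """
    if not stream_item_id or stream_item_id in (".", "..") \
            or "/" in stream_item_id or "\\" in stream_item_id:
        return 400, None
    raw = STREAM_PREFIX + quote(stream_item_id, safe="")
    resolved = upstream_resolve(raw)
    if not resolved.startswith(STREAM_PREFIX):
        return 400, None  # normalization escaped the prefix: refuse to forward
    return 200, resolved


if __name__ == "__main__":
    # Constructed payloads following the sequence described in the article.
    for payload in ("abc123", "..\\..\\", "web\\..\\.\\..\\Search\\v1\\Accounts"):
        print(f"{payload!r:45} vulnerable={vulnerable_proxy(payload)} hardened={hardened_proxy(payload)}")
```

Run as a script it prints one line per payload: the plain `..\..\` form is stopped by the WAF (403) in both proxies, while the `web\..\.\..\` form passes the WAF and, in the vulnerable proxy, resolves to a path outside `streamItems`; the hardened proxy rejects it before forwarding.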

The report was rated high severity and paid a bounty of $4,000.

That is the analysis of the Starbucks data exposure report. Anyone running a similar proxy-style API in front of internal services should check whether path parameters are normalized and bounded to the intended route before they are forwarded, rather than relying on a WAF to recognise every spelling of `..`.

© 2024 shulou.com SLNews company. All rights reserved.
