2 matches found
Starbucks: Unrestricted File Upload Leads to RCE on mobile.starbucks.com.sg
ko2sec discovered that an .ashx endpoint on mobile.starbucks.com.sg intended for image files permitted unrestricted file type uploads, which could lead to a potential RCE. ko2sec's thorough analysis provided additional endpoints on other out-of-scope domains that shared this vulnerability. @ko2sec —...
Starbucks: Singapore - Unrestricted File Upload Leads to XSS on campaign.starbucks.com.sg/api/upload
ko2sec discovered it was possible to upload arbitrary content on https://campaign.starbucks.com.sg/api/upload, leading to a stored XSS. This site was decommissioned. @ko2sec — thank you for reporting this vulnerability and for confirming the resolution...