Starbucks: Unrestricted File Upload Leads to RCE on mobile.starbucks.com.sg
ko2sec discovered an .ashx endpoint on mobile.starbucks.com.sg intended for image files permitted unrestricted file type uploads which could lead to a potential RCE. ko2sec's thorough analysis provided additional endpoints on other out of scope domains that shared this vulnerability. @ko2sec —...