Starbucks: Default credentials for the temporary POC site alipoc.stg.starbucks.com.cn permitted WAF bypass and RCE

neweq discovered that a temporary proof of concept site alipoc.stg.starbucks.com.cn was initially configured with default credentials for a brief period of time before being taken offline. @neweq — thank you for reporting this vulnerability and for confirming the resolution...