Lucene search

7 matches found

Hacker One
added 2017/09/18 5:25 p.m., 11 views

Starbucks: SQL injection in partner id field on https://www.teavana.com (Sign-up form)

While signing up for a "teavana" shopping account, it came to notice that the partner id validation fails and an SQL injection exists. So this is what I did: 1. Visit https://www.teavana.com/us/en/account 2. Click on signin create shopping account 3. In the partnerno, gave an input of "1234" 1.PNG Resu...

7.5 AI score
Exploits: 0

Hacker One
added 2017/05/11 4:3 p.m., 17 views

Starbucks: Missing CSRF Token On Remove Coupon From Cart

Hi, when removing a coupon, there's no CSRF token. At this time I use ███████ coupon to reproduce it. Vuln Request POST /on/demandware.store/Sites-Teavana-Site/default/Cart-RemoveCoupon HTTP/1.1 Host: www.teavana.com User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64; rv:53.0 Gecko/20100101 Firefox/53.0...

0.5 AI score
Exploits: 0

Hacker One
added 2017/02/14 11:44 a.m., 17 views

Starbucks: Persistent CSRF in /GiftCert-AddToBasket prevents purchases on eCommerce sites

SUMMARY -------------- Hello, I have found an extremely interesting issue that can be used to permanently lock a user's possibility of ever buying anything from teavana.com by removing the credit card payment method. POC --------- CSRF snippet Bla bla DESCRIP...

7 AI score
Exploits: 0

Hacker One
added 2017/01/09 9:4 a.m., 90 views

Starbucks: Open redirect / Reflected XSS payload in root that affects all your sites (store.starbucks.* / shop.starbucks.* / teavana.com)

Hello, during some open redirects testing, I have noticed a very strange redirect that occurred when I had modified a parameter using something like cofee. I have dug up further and then I have noticed that one can make a redirect by modifying GET parameters with this structure: //google.com...

0.3 AI score
Exploits: 0

Hacker One
added 2016/12/22 8:2 p.m., 9 views

Starbucks: Create New User Whilst Logged On

The website www.teavana.com allows users already logged on to create a new account with a very simple URL redirect. When an account is created a page is displayed with your account information and what you want to update. Simply refreshing the page allows you to create a new account whilst still...

2.3 AI score
Exploits: 0

Hacker One
added 2016/12/13 11:40 a.m., 29 views

Starbucks: Reflected XSS on teavana.com (Locale-Change)

SUMMARY ---- Hello, the link at https://www.teavana.com/on/demandware.store/Sites-Teavana-Site/default/Locale-Change?LocaleID=enCA, identified by changing languages, is prone to reflected XSS in the "en" zone of the LocaleID parameter. One can inject JavaScript that will be reflected back to th...

1 AI score
Exploits: 0

Hacker One
added 2016/10/23 12:19 p.m., 32 views

Starbucks: CSRF exploit | Adding/Editing comment of wishlist items (teavana.com - Wishlist-Comments)

Hello Team, I noticed there is no CSRF protection in Adding/Editing comment of wishlist items. AREA: https://www.teavana.com/us/en/my-wishlist Attacker could take advantage of this issue and exploit victim remotely. POC: Method: POST POST URL:...

0.7 AI score
Exploits: 0