
12/14/2020

Starbucks Mobile Platform Vulnerability Could Lead To Remote Code Execution

The Latest Hacking News

Starbucks has recently addressed a critical vulnerability affecting its mobile platform. If exploited, the bug could severely threaten the platform's security, as it allowed code execution attacks.


Starbucks Mobile Platform Vulnerability

Security researcher Kamil “ko2sec” Onur Özkaleli discovered a critical security vulnerability in the Starbucks mobile platform. In brief, the bug affected the coffee giant's Singapore domain. Exploiting it could allow an adversary to remotely execute code on the target platform. Specifically, the vulnerability resided in the file upload feature on the domain mobile.starbucks.com.sg. This feature is meant for uploading image files. However, it did not check the type of the uploaded file. Hence, an attacker could upload malicious files to the domain and execute malicious code.

Attribution link: https://latesthackingnews.com/2020/12/12/starbucks-mobile-platform-vulnerability-could-lead-to-remote-code-execution/

 
