Open Redirection in Login - Korean Starbucks

Disclosed: 2019-03-20 16:49:58 By jtjisgod To starbucks
Low
Vulnerability Details
Summary: Open Redirection is performed in the Korean Starbucks login page. An attacker can redirect a victim to another site, such as a phishing site.

Description: When a victim visits https://www.istarbucks.co.kr/login/login.do?redirect_url=//www.bughunting.net and logs in, he/she is redirected to the www.bughunting.net page.

PoC: https://www.istarbucks.co.kr/login/login.do?redirect_url=//www.bughunting.net

Etc: I attached a PoC video.

## Impact

Phishing
Report Stats
  • Report ID: 380939
  • State: Closed
  • Substate: resolved
  • Upvotes: 52
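
A server-side check that rejects the `redirect_url` value from the PoC, added here as an illustration; it is not part of the original report and not the site's own code. The names `safeRedirect` and `SITE_ORIGIN`, the fallback target and the sample paths in the comments are assumptions; only the host names and the login path come from the report.

```javascript
// Added example: resolve redirect_url the way a browser would, then require
// that the result stays on the site's own origin. Names are hypothetical.
const SITE_ORIGIN = "https://www.istarbucks.co.kr";

function safeRedirect(redirectUrl, siteOrigin = SITE_ORIGIN) {
  const fallback = siteOrigin + "/";
  if (typeof redirectUrl !== "string" || redirectUrl === "") return fallback;

  // URL parsers silently strip tab/CR/LF; reject such input instead of normalising it.
  if (/[\u0000-\u001f\u007f]/.test(redirectUrl)) return fallback;

  let resolved;
  try {
    // "//www.bughunting.net" is protocol-relative: it inherits "https:" from the
    // base and replaces the host, which is why a leading-slash check is not enough.
    resolved = new URL(redirectUrl, siteOrigin + "/login/login.do");
  } catch {
    return fallback;
  }

  // Compare scheme + host + port as one unit; javascript: and data: URLs
  // have the opaque origin "null" and fail this comparison too.
  if (resolved.origin !== new URL(siteOrigin).origin) return fallback;

  // Drop any userinfo and return an absolute URL so the Location header
  // always names our own host explicitly.
  resolved.username = "";
  resolved.password = "";
  return resolved.href;
}
```

Returning the absolute `href` rather than the path alone matters: an input such as `/.//www.bughunting.net` is same-origin after resolution, but its path normalises to `//www.bughunting.net`, which would become protocol-relative again if sent back on its own.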