Information Exposure Through an Error Message at news.starbucks.com

Disclosed: 2019-01-31 18:39:42 By seytan6161 To starbucks
Medium
Vulnerability Details
I've discovered Information Exposure Through an Error Message on your system.

POC link: https://news.starbucks.com/cms/index.php?/cp/login/forgotten_password_form=http://evil.com/?id=test-test

Vulnerable url --> https://news.starbucks.com/cms/index.php?/cp/login/forgotten_password_form=http://evil.com/?id=test-test

Proof screenshot attached.

## Impact

Impact references: https://cwe.mitre.org/data/definitions/209.html

Best regards
Report Stats
  • Report ID: 482707
  • State: Closed
  • Substate: not-applicable
  • Upvotes: 5