Default credentials for the temporary POC site alipoc.stg.starbucks.com.cn permitted WAF bypass and RCE
Medium
Starbucks
Team Summary
Official summary from Starbucks
neweq discovered that a temporary proof of concept site alipoc.stg.starbucks.com.cn was initially configured with default credentials for a brief period of time before being taken offline. @neweq — thank you for reporting this vulnerability and for confirming the resolution.
Reported by
b006e4ea768a5d1b5340969
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Weakness: OS Command Injection