The famous coffeehouse Starbucks is undoubtedly the best in its class and taste but registering yourself on the website of Starbucks could be dangerous. The registered accounts and credit card details on the website are vulnerable to hackers.
Mohammad M. Fouad, an independent security researcher from Egypt has recently found three vulnerabilities in Starbucks website. These vulnerabilities can be exploited by a hacker in just a minute.
Three of these vulnerabilities include Remote Code Execution, Remote File Inclusion and Cross Site Request Forgery (CSRF).
Credit Cards Details are in Risk
Remote File Inclusion Flaw allows a hacker to inject file from different locations to the target page. It includes source code for parsing and execution. It enables hackers to achieve Remote Code Execution on the company’s web server also perform Remote Code Execution on the client-side. It also allows hacker to implement other attacks like Cross Site Scripting (XSS). An attacker can also successfully perform phishing attack for data theft or Data manipulation in just one attempt which enables hacker to steal credit card details from the user’s account.
CSRF
In this method attacker attacks a website in which attacker masquerades as a legal user. For this all an attacker need to do is choose a target browser to type a request on their behalf. The two easy ways to do that are First, Convince a user to open his HTML page or attacker can insert an arbitrary HTML in a target website. This could allow hacker to hijack victim’s account, delete account or stealing information from it.
Starbucks Is Not Concerned Of Flaw
Being a white-hat, Mr Fouad reported Starbucks about the vulnerabilities twice but didn’t get any reply form the security team of Starbucks. Then Fouad reported the same flaws to US-CERT, which confirmed the bugs. He ultimately helped Starbucks to save their user’s information from Notorious hackers.
Mr. Fouad is still waiting for the reply from Starbucks, as the company started the bug Bounty just two month before.
Have something to add on Security Flaw found in WhatsApp ? Please add in comments.
Follow us on Facebook, Google Plus and Twitter to get more Tech News and reviews.