Back to directory
WRITEUP #5838

How I could have launched a spear phishing campaign with Starbucks email servers

OtherHost header injection
by@B3nac(Kyle)
Bounty
150
Program
Starbucks
Published
Sep 1, 2018
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://b3nac.github.io/bugs/2018/09/01/How-I-could-have-launched-a-spear-phishing-campaign-with-Starbucks-newsletter-signup.html
RELATED WRITEUPS
Data Theft in Salesforce: Manipulating Public Links
OtherSOQL injection
Interesting Story of an Account Takeover Vulnerability
Auth BypassAccount takeover
When Certificates Fail: A Story of Bypassed MFA in Remote Access
Other2FA / MFA bypass
SSTI in Bug Bounty Program: The Time I Played with Handlebars and Broke Stuff
OtherSSTI
Ghost In The Ppl Part 1: Byovdll
OtherUse-After-Free

Built with ❤️ by Shubham Rawat