Vulnerable Shopify stores #127
Comments
I read your message, I am still trying to understand it, can you help me (or us) to understand this? UPDATE: I got it!!! In that very bad quality image there are some domains that are applications built on top of Shopify; some of them (I just found one) do not exist. UPDATE2: In that image I saw you requested mediation from HackerOne because you were not happy with how Shopify closed the report. I don't know if it was closed as N/A or Spam, but at least here this post is spam. No hate against you, but this post is nothing more than spam.
Now?

> On Thu, Dec 19, 2019, 11:28 PM MelarDev ***@***.***> wrote:
> I read your message, I am still trying to understand it, can you help me (or us) to understand this?
> The worst thing is that I achieved to read 2 domains in that very bad quality picture, and both sites are alive
The report was closed as duplicate, and if you are aware of HackerOne rules, they must either merge the duplicate report into the original one or acknowledge the duplicate with the original report ID. They did nothing but said that they knew the issue internally.
Sorry, I submitted this report a month ago and all were tested at that time, because at that time I had 20k domains fully tested. I thought it would be worth testing.
@arjunnkn Hint: the trick is on the table of that HackerOne docs page.
All were vulnerable to subdomain takeover, and a wildcard one at that, which gives countless subdomain takeovers at once per domain. This is a misconfiguration at the client end, but when Shopify is allowing a non-parent-domain owner to take over any other parent's subdomain, it's a Shopify issue.
![Screenshot_20191220-000335](https://user-images.githubusercontent.com/14961110/71199609-4b417b00-22bc-11ea-8837-f466b0ac7cb9.png)

No one reported this issue to Shopify via the HackerOne platform. Shopify confirmed it to me, I can show you. Moreover I didn't lose a single reputation point on it. Trick
@melardev what did you get as a response from HackerOne for your Shopify submission?
This is outside the remit of this repository. Further posting of vulnerable sites will lead to a ban.
Service name
pamleftpamright.com
peterreed.com
pgpromotionalitems.co.uk
piecestopeaces.com
pillowfightfactory.com
pilovilo.com
pitbull-store.co.uk
portraydesigns.com
quantumbassmarket.com
quickmobilefix.com
rayethelabel.com
rdfabrikwerks.com
rebeccaminkoff.com
recoconyc.com
ripdiculous.com
ritualandlore.com
roughneckoutlet.com
sabithestore.us
samayhome.com
sayitwithasock.com.
seasiderug.com
seavees.com
shiokcollaborative.sg
shoewin.com
shop.thegentlemensposse.com
shopsuperdeluxe.com
shopwickliffela.com
simplepaperie.com
simplicitylaser.com
sinnersattire.com
skandiboxes.com
slaworldwide.com
smilingdesignsforkids.com
smithstreetcandles.com
sockittome.com.au
socutesocute.com
songbirdocarina.com
specialeventsparklers.com
spornette898.com
squashabout.com
squat-life.co.uk
squeekyart.com
st-roche.com
storydeals.com
straightfromthebarrel.net
streetgents.com
sugarcityspeedshop.com
suite7seven.com
sun-siesta.com
sundaeriot.com
sweetorange.shop
t2mwireless.com
Proof: All are vulnerable via the Shopify service
Documentation: Attached