Oct 1, 2018

Subdomain Takeover via Shopify Vendor ( blog.exchangemarketplace.com ) with Steps



Program : Shopify

Domain : exchangemarketplace.com
In scope : yes, it belongs to Shopify

exchange.shopify.com = exchangemarketplace.com
Bounty : Not eligible for bounty!
*****************************************
I was using aquatone, but it only showed me the subdomain and didn't show me that it was vulnerable to subdomain takeover!
When I went directly to
blog.exchangemarketplace.com
I found it asking me to connect the domain to my Shopify store!
The Shopify team responded fast: the report was triaged and fixed within 15 min from triage.
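For the defending side, the condition described above (a hostname that still points at Shopify while no store you own has it connected) can be caught by comparing a DNS zone export with the list of domains connected in your own stores. The following is an added example, not code from the original post or from Shopify; the zone data, the `example.com` names, the connected-domain list and the `myshopify.com` suffix list are constructed assumptions.

```python
# Added example: audit a DNS zone export for records that still point at Shopify
# although no store owned by the organisation has the hostname connected.
# All data below is constructed; the example.com names are placeholders.

# Assumption: CNAME targets used for Shopify-hosted custom domains end in this suffix.
SHOPIFY_SUFFIXES = ("myshopify.com",)

ZONE_EXPORT = """\
; constructed sample zone export (name ttl class type target)
www.example.com.    3600 IN CNAME shops.myshopify.com.
blog.example.com.   3600 IN CNAME shops.myshopify.com.
store.example.com.  3600 IN CNAME Example-Shop.myshopify.com.
mail.example.com.   3600 IN A     192.0.2.10
docs.example.com.   3600 IN CNAME pages.example.net.
"""

# Hostnames listed as connected in the admin of stores we control (constructed).
CONNECTED_DOMAINS = {"www.example.com", "store.example.com"}


def parse_cnames(zone_text):
    """Yield (name, target) for every CNAME line, lower-cased, without trailing dots."""
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        fields = line.split()
        if len(fields) >= 5 and fields[3].upper() == "CNAME":
            yield fields[0].rstrip(".").lower(), fields[4].rstrip(".").lower()


def points_at_shopify(target):
    """Match on a label boundary so 'evilmyshopify.com' is not treated as Shopify."""
    return any(target == s or target.endswith("." + s) for s in SHOPIFY_SUFFIXES)


def audit(zone_text, connected):
    """Return hostnames whose CNAME points at Shopify but that no owned store has connected."""
    connected = {d.rstrip(".").lower() for d in connected}
    return sorted(
        name for name, target in parse_cnames(zone_text)
        if points_at_shopify(target) and name not in connected
    )


if __name__ == "__main__":
    for host in audit(ZONE_EXPORT, CONNECTED_DOMAINS):
        print(f"DANGLING: {host} points at Shopify but is not connected to any owned store")
```

Any hostname it reports should either be connected to a store you control or have its DNS record removed.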


****************************
Takeover steps
1) Create your free trial account for a Shopify store.
2) Now that you have a free account, you just need to add your vulnerable subdomain from here:
https://your-shop.myshopify.com/admin/settings/domains
and click on ( Connect existing domain )
3) Add your vulnerable subdomain and click on verify ( connect ).
It will look like this PoC.
4) Wait a minute; now, when you enter your Shopify store URL,
it will redirect to the vulnerable subdomain.
*********************************
My disclosed report on HackerOne


Security Researcher at Many Websites - Bug Hunter - Civil Engineer Student
