Oct 1, 2018

Subdomain Takeover via Shopify Vendor (blog.exchangemarketplace.com) with Steps



Program: Shopify

Domain: exchangemarketplace.com
In scope: yes, it belongs to Shopify

exchange.shopify.com = exchangemarketplace.com
Bounty: Not eligible for bounty!
I was using aquatone, but it only showed me the subdomain and didn't show me that it was vulnerable to subdomain takeover!
When I go directly to
I found it asking me to connect the domain to my Shopify store!
The Shopify team responded fast: they triaged the report and fixed it in 15 min from triage.

Takeover steps
1) Create a free trial account for a Shopify store.
2) Now that you have a free account, you just need to add the vulnerable subdomain from here
and click on (Connect existing domain).
3) Add the vulnerable subdomain and click on verify (connect).
It will look like this PoC
4) Wait a minute; now, when you enter your Shopify store URL,
it will redirect to the vulnerable subdomain.
My disclosed report on HackerOne
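For a domain owner, the gap described above (enumeration lists the subdomain, but nothing flags the record as dangling) can be closed by auditing the zone itself. The following is an added example, not code from the original post or from Shopify; the provider suffix, the "unclaimed" marker text, the function names and all sample records are assumptions constructed for illustration.

```python
"""Audit a DNS zone export for CNAMEs left pointing at a hosted-store provider."""

# Assumption: suffix of the provider's CNAME target; take the real one from its docs.
PROVIDER_SUFFIXES = ("myshopify.com",)
# Assumption: text served for a hostname that no store has claimed;
# replace with what your provider actually returns.
UNCLAIMED_MARKERS = ("connect this domain",)


def points_at_provider(cname_target):
    """True only for the suffix itself or a real subdomain of it."""
    target = cname_target.rstrip(".").lower()
    return any(target == s or target.endswith("." + s) for s in PROVIDER_SUFFIXES)


def classify(record, probe):
    """record: (name, type, target); probe: (status, body), or None if no answer."""
    _name, rtype, target = record
    if rtype.upper() != "CNAME" or not points_at_provider(target):
        return "ignore"
    if probe is None:
        return "review"      # delegated to the provider but unverified: check by hand
    _status, body = probe
    if any(marker in body.lower() for marker in UNCLAIMED_MARKERS):
        return "dangling"    # provider maps this hostname to no store: remove or claim
    return "claimed"


def audit(zone, probes):
    """Return {hostname: verdict} for every record delegated to the provider."""
    findings = {}
    for record in zone:
        verdict = classify(record, probes.get(record[0]))
        if verdict != "ignore":
            findings[record[0]] = verdict
    return findings


# Constructed sample data (not taken from the post).
ZONE = [
    ("blog.example.test", "CNAME", "shops.myshopify.com."),
    ("store.example.test", "CNAME", "shops.myshopify.com."),
    ("old.example.test", "CNAME", "shops.myshopify.com."),
    ("www.example.test", "A", "192.0.2.10"),
    ("cdn.example.test", "CNAME", "notmyshopify.com."),  # look-alike suffix, ignored
]
PROBES = {
    "blog.example.test": (404, "<h1>Connect this domain to your store</h1>"),
    "store.example.test": (200, "<title>Example Store</title>"),
}

if __name__ == "__main__":
    for host, verdict in audit(ZONE, PROBES).items():
        print(f"{host}: {verdict}")
```

Any host reported as `dangling` or `review` should have its CNAME removed or be attached to a store the organisation controls before the record stays in the zone.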


Security Researcher at Many Websites - Bug Hunter - Civil Engineer Student