Shopify | writeups.xyz

Title	Vulnerabilities	Programs	Authors
Customer account takeover in Shopify stores	Account Takeover OAuth	Shopify	Ophion Security (@OphionSecurity)
Reflected Cross Site Scripting (Awards 3500$ bounty)	Reflected XSS	Shopify	ShuttlerTech
Hacking Swagger-UI - from XSS to account takeovers	DOM XSS Account Takeover	Shopify Paypal GitLab Atlassian Yahoo! / Verizon Media Microsoft Jamf	Dawid Moczadło (@Kannthu1)
Cache Poisoning at Scale	Web Cache Poisoning	GitHub GitLab HackerOne Shopify Cloudflare	Youstin (@IustinBB)
Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies	Dependency Confusion	Paypal Shopify Apple Netflix Yelp Uber Microsoft	Alex Birsan (@Alxbrsn)
(Shopify.com) Blind Stored XSS Via Staff Name $$$$	Stored XSS	Shopify	Rio Mulyadi (@Riomulyadi_)
How I Earned $1750 at Shopify Bug Bounty Program	XSS Open Redirect	Shopify	Ashish Dhone (@Ashketchum_16)
How I gained access to revenue and traffic data of thousands of Shopify stores	IDOR	Shopify	Ayoub Fathi (@_Ayoubfathi_)
Handlebars template injection and RCE in a Shopify app	SSTI RCE	Shopify	Mahmoud Gamal (@Zombiehelp54)
Exploiting Google Calendars	Broken Authorization Information Disclosure	Uber Shopify Netflix	Rojan Rijal (@Uraniumhacker) Brandon Nguyen (@Cmdrsnuggle)
Reflected XSS at https://photos.shopify.com	Reflected XSS	Shopify	Ahamed Morad (@Modam3r5)
Subdomain Takeover via Shopify Vendor ( blog.exchangemarketplace.com ) with Steps	Subdomain Takeover	Shopify	Mohamed Haron (@M7mdharon)
Shopify Athena Bug	Broken Authorization Information Disclosure	Shopify	Rojan Rijal (@Uraniumhacker)
How to do 55.000+ Subdomain Takeover in a Blink of an Eye	Subdomain Takeover	Shopify	BuckHacker (@Thebuckhacker)
Should this be public though?	Information Disclosure	Shopify Uber	Rojan Rijal (@Uraniumhacker)
How we tookover shopify accounts with one single click	Stored XSS	Shopify	WeSecureApp (@Wesecureapp)
Let’s steal some tokens!	CSRF XSS Account Takeover	Google Shopify	Mahmoud Gamal (@Zombiehelp54)

Page 1 of 1