[go: up one dir, main page]

Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Shopify is vulnerable by a New FingerPrint #46

Closed
m7mdharoun opened this issue Oct 1, 2018 · 17 comments
Closed

Shopify is vulnerable by a New FingerPrint #46

m7mdharoun opened this issue Oct 1, 2018 · 17 comments
Assignees
Labels
edge case An edge case was discovered where it is possible to hijack a subdomain on this service. not vulnerable Someone has made it very clear that this service is not vulnerable to subdomain takeovers.

Comments

@m7mdharoun
Copy link

Shopify

Proof

https://hackerone.com/reports/416474

Documentation

Not Only FingerPrint Sorry, this shop is currently unavailable.
New FingerPrint that I've found in my report Now Your domain ( Name of subdomain ) is ready to connect to your Shopify Shop

@m7mdharoun m7mdharoun changed the title Shopify is vulnerable by a new way Shopify is vulnerable by a New FingerPrint Oct 1, 2018
@m7mdharoun m7mdharoun reopened this Oct 7, 2018
@codingo
Copy link
Collaborator
codingo commented Oct 14, 2018

This isn't really a new fingerprint, it's an edge case. Tested this now and it requires the store to be created, but never linked to the domain. Even if the shop is in the portal with a status of "not connected" (i.e. added to any account in advance of DNS), it can not be taken over.

Going to call this an edge case since there's some truth to it, but I think it's a fairer assessment to say it's not vulnerable as it's such an unlikely scenario that somebody would point DNS before adding their domain into their account.

@codingo codingo added not vulnerable Someone has made it very clear that this service is not vulnerable to subdomain takeovers. edge case An edge case was discovered where it is possible to hijack a subdomain on this service. labels Oct 14, 2018
@codingo codingo self-assigned this Oct 14, 2018
@codingo codingo closed this as completed Oct 14, 2018
@codingo
Copy link
Collaborator
codingo commented Oct 14, 2018

Resolved in #52

@marcelo321
Copy link

hello @codingo,

I have found several subdomains that had the fingerprints:

Sorry, this shop is currently unavailable.

But when visiting the CNAME, it showed a perfectly working shop in shopify.

So shop.example.com was giving me "shop is currently unavailable" but when visiting example.myshopify.com it was a perfectly working shop.

Is this still vulnerable?

@Mouja0412
Copy link
Mouja0412 commented May 13, 2020

Hello @codingo
I managed to takeover a subdomain, I had this fingerprint "Only one step left!
To finish setting up your new web address, go to your domain settings, click "Add existing domain", and enter: yourdomainname

Verify if the name of the store is available or not
Add your domain without the www's under Online store > Domains.

https://medium.com/@thebuckhacker/how-to-do-55-000-subdomain-takeover-in-a-blink-of-an-eye-a94954c3fc75

subdomain

@NagliNagli
Copy link

I tookover a domain like the example above as well.

@h4ckdi
Copy link
h4ckdi commented Dec 14, 2020

I just managed to takeover subdomain with fingerprint "Only one step left!

@wicked-wick
Copy link

I did the same as explained above ? will this be accepted?

@wouterdedroog
Copy link
wouterdedroog commented Jan 6, 2022

I recently had a subdomain takeover on Shopify as well as described above

@ibk96
Copy link
ibk96 commented Sep 3, 2022

Date: 04/09/2022

I takeover one.

@FalcoXYZ
Copy link
FalcoXYZ commented Jan 5, 2023

Just took over a subdomain with "Only one step left" fingerprint. Same procedure as Mouja0412

@sl4x0
Copy link
sl4x0 commented Mar 3, 2023

I take over a subdomain called: https://shop.target.de/ and It has all the mentioned fingerprints.
image

@xElkomy
Copy link
xElkomy commented Dec 2, 2023

Shopify is Still Vulnerable ❤️

@Attacker991
Copy link
Attacker991 commented Mar 15, 2024

"Upon visiting the domain, I received the message "Sorry, this store is currently unavailable." However, Shopify indicates that the same domain, flagged as vulnerable to takeover by Nuclei, is currently in use. Can someone clarify this discrepancy and its implications for subdomain takeover?

@Attacker991
Copy link

.

@WadQamar10
Copy link

Shopify is not vulnerable to Subdomain Takeover anymore right? Because i faced this message in the photo, when i tried to takeover a subdomains

IMG_٢٠٢٤٠٧١٧_١١٥٣١٨

@paxnull
Copy link
paxnull commented Sep 10, 2024

Shopify is not vulnerable to Subdomain Takeover anymore right? Because i faced this message in the photo, when i tried to takeover a subdomains

IMG_٢٠٢٤٠٧١٧_١١٥٣١٨

that domain is already connected with another shopify, so in that case, it doesnt vulnerable to subdomain takeover

@paxnull
Copy link
paxnull commented Sep 30, 2024

Shopify is not vulnerable anymore right? need some confirmation from this community

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
edge case An edge case was discovered where it is possible to hijack a subdomain on this service. not vulnerable Someone has made it very clear that this service is not vulnerable to subdomain takeovers.
Projects
None yet
Development

No branches or pull requests