Subdomain Takeover Via Shopify

  • Reported to Private
  • Reported by Haqtify
  • High (8.8)
  • $700
  • Published 3 years ago
  • No Likes



I opened on the browser it was redirecting on shopify that mean anyone can claim it via Company should remove the DNS or redirect all to the main domain far from open individually to claim an attacker to take over.

Possible To Takeover Hint:


Steps To Reproduce:

1.Goto and create trial account on Shopify.

2.Then just put this vulnerable subdomain on Shopify domain config.


3.Sub-Domain added and Configured.

4.After all configuration, subdomain takeover successfully.