Subdomain Takeover Via Shopify

  • Reported to Private
  • Reported by Haqtify
  • High (8.8)
  • $700
  • Published 3 years ago

URL:

https://shop-fr.redacted.com/

Description:

I opened checkout.redacted.com in the browser; it was redirecting to Shopify, which means anyone can claim it via shopify.com. The company should remove the DNS record or redirect everything to the main domain, rather than leaving it open for an attacker to claim and take over.

Possible To Takeover Hint:

 

Steps To Reproduce:

1. Go to Shopify.com and create a trial account on Shopify.

https://accounts.shopify.com/

2. Then just put this vulnerable subdomain in the Shopify domain config.

 

3. Subdomain added and configured.

4. After all configuration, the subdomain takeover is successful.
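
A defender-side check for the condition this report describes, added here as an example and not part of the original report: it reads a zone export and lists hostnames whose CNAME still points at Shopify but which are not connected to any store the company controls. The zone lines, the `example.com` names, the `CONNECTED` inventory and the `myshopify.com` suffix are assumptions constructed for illustration.

```python
# Added example: audit a zone export for CNAMEs left pointing at Shopify.
# All hostnames and zone lines below are constructed placeholders.
SHOPIFY_SUFFIXES = ("myshopify.com",)  # assumption: confirm against Shopify docs

ZONE = """\
; constructed sample zone export
shop-fr.example.com.   3600 IN CNAME shops.myshopify.com.
checkout.example.com.  3600 IN CNAME shops.myshopify.com.
Promo.Example.com.     IN CNAME Shops.MyShopify.com.   ; no TTL, mixed case
www.example.com.       3600 IN CNAME example.com.
look.example.com.      3600 IN CNAME notmyshopify.com. ; lookalike, not Shopify
"""

# Hostnames the company has actually connected to a store it controls
# (hypothetical inventory, e.g. exported from the store admin).
CONNECTED = {"shop-fr.example.com"}


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def parse_cnames(zone_text):
    """Yield (owner, target) per CNAME line; TTL and class are optional."""
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()      # strip ';' comments
        upper = [f.upper() for f in fields]
        if "CNAME" not in upper[1:]:
            continue
        i = upper.index("CNAME", 1)
        if i + 1 < len(fields):                    # skip truncated records
            yield normalize(fields[0]), normalize(fields[i + 1])


def points_to(target, suffixes):
    """True only on a label boundary, so 'notmyshopify.com' does not match."""
    return any(target == s or target.endswith("." + s) for s in suffixes)


def find_unclaimed(zone_text, connected, suffixes=SHOPIFY_SUFFIXES):
    """Return hostnames aliased to Shopify that no controlled store claims."""
    connected = {normalize(h) for h in connected}
    return sorted(owner for owner, target in parse_cnames(zone_text)
                  if points_to(target, suffixes) and owner not in connected)


if __name__ == "__main__":
    for host in find_unclaimed(ZONE, CONNECTED):
        print("remove or reclaim:", host)
```

Each hostname it returns is a candidate for the remediation the report recommends: delete the record or connect the name to a store the company owns.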