Tag Archives: shopify

shopify ssrf

I found a server side request forgery vulnerability within the ‚add image via url‘ function in myshopifys adminpanel. A could perform port scans on remote hosts, proxying through shopifys servers. Accessing internal networks was not possible at this time. Timeline: 20.12.2014 vulnerability discovered 21.12.2014 bug reported to shopify 02.02.2015 issue confirmed, but not eligible for […]

bug bounty

december 2014 – shopify wall of fame   jan 2015 – shopify wall of fame   march 2015 – paypal wall of fame   may 2015 – at&t top10 q1   june 2015 – paypal top10 q1   september 2015 – paypal top10 q2   november 2015 – at&t top10 q3   december 2015 – […]