Tag Archives: ssrf

shopify ssrf

I found a server side request forgery vulnerability within the ‚add image via url‘ function in myshopifys adminpanel. A could perform port scans on remote hosts, proxying through shopifys servers. Accessing internal networks was not possible at this time. Timeline: 20.12.2014 vulnerability discovered 21.12.2014 bug reported to shopify 02.02.2015 issue confirmed, but not eligible for […]