What Is Shopify

Shopify Inc. is a Canadian multinational e-commerce company headquartered in Ottawa, Ontario. It is also the name of its proprietary e-commerce platform for online stores and retail point-of-sale systems.

SUMMARY

Recently I saw that a person won $15,000. His name is Ron Chan (ngalog). 

Actually, he hacked the Shopify platform two times and won a well-deserved amount. He clearly described in the Hacktivity how he was able to bypass Shopify's email confirmation.

Basically, he was able to enter someone else's account without the owner's password. It was a critical vulnerability that black hat hackers could have exploited. Thankfully, it was patched in time.

First, he created a Shopify trial account. Then he went to the profile page, where he changed his email to an email address that already existed. And that's it. Somehow, the server sent the email confirmation link to the email address he had created for testing, and that is how he was able to get into someone else's account without the password or permission.

The email system mistakenly sent the victim's confirmation link to the attacker because the attacker's address was the one saved on the system, and the email system did not notice that the confirmation link had been updated for the victim's address and should not be sent to the attacker.
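The mismatch described above can be modelled in a few lines. This is an added example, not Shopify's code and not part of the original report: it puts a flawed email-change flow beside a hardened one and adds a check a test suite can run. All names (Account, Mailer, request_change_flawed, request_change_fixed, confirm, link_recipients), the example.test addresses and the "reject already registered addresses" policy are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Account:
    email: str                           # address currently saved on the account
    pending_email: Optional[str] = None  # address waiting for confirmation
    token: Optional[str] = None          # secret carried by the confirmation link

@dataclass
class Mailer:
    outbox: list = field(default_factory=list)  # (recipient, token) pairs
    def send(self, to, token):
        self.outbox.append((to, token))

def request_change_flawed(acct, new_email, mailer):
    # Flow as the write-up describes it: the link confirms new_email,
    # but it is delivered to the address already saved on the account.
    acct.pending_email = new_email
    acct.token = secrets.token_urlsafe(16)
    mailer.send(acct.email, acct.token)

def request_change_fixed(acct, new_email, mailer, registered=frozenset()):
    # Hardened: refuse an address owned by another account (assumed policy),
    # and deliver the link only to the address being claimed.
    if new_email in registered:
        raise ValueError("address already belongs to another account")
    acct.pending_email = new_email
    acct.token = secrets.token_urlsafe(16)
    mailer.send(new_email, acct.token)

def confirm(acct, token):
    # Apply the pending address only when the presented token matches.
    if not acct.token or not secrets.compare_digest(acct.token, token):
        return False
    acct.email, acct.pending_email, acct.token = acct.pending_email, None, None
    return True

def link_recipients(request_fn, new_email, **kwargs):
    # Regression check: who received a link that confirms new_email?
    acct, mailer = Account("tester@example.test"), Mailer()  # constructed sample
    request_fn(acct, new_email, mailer, **kwargs)
    return [to for to, _ in mailer.outbox]

if __name__ == "__main__":
    print(link_recipients(request_change_flawed, "owner@example.test"))
    print(link_recipients(request_change_fixed, "new@example.test"))
```

The property worth keeping as a regression test is that every recipient returned by link_recipients equals the address the link confirms.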

You can read more about this vulnerability from HERE.

Stay home, stay safe and keep reading our articles.

Thanks For Visiting.
