Shopify Real Check with REST API

Question

Shopify Real Check with REST API

buckhacker opened this issue 6 years ago · 3 comments

buckhacker commented 6 years ago

Service name

Shopify

Proof

Page must contain: Sorry, this shop is currently unavailable.
CNAME must contain: myshopify.com or shops.myshopify.com
REST API Query must answer with: "status":"available"

Please read the docs for more details.

Documentation

I wrote a long article and release a small script that performs three types of test (page error message, CNAME and REST API query).
https://medium.com/@thebuckhacker/how-to-do-55-000-subdomain-takeover-in-a-blink-of-an-eye-a94954c3fc75
https://github.com/buckhacker/SubDomainTakeoverTools/blob/master/ShopifySubdomainTakeoverCheck.py

Answer 1 · 2018-09-12T06:34:05.000Z

I'm familiar with your article / repository - quite a fan of this work (cottoned onto it early via a Github watch).

I'll review this shortly.

Answer 2 · 2018-09-12T06:45:34.000Z

Resolved in #33

Answer 3 · 2022-07-13T14:43:28.000Z

A potentially interesting case:

ftp.target.com.		2236	IN	CNAME	target.com.
target.com.		44	IN	A	23.227.38.65
www.target.com.		28	IN	CNAME	target2.myshopify.com.
target2.myshopify.com.	1928	IN	CNAME	shops.myshopify.com.
shops.myshopify.com.	15	IN	A	23.227.38.74

target.com redirects to www.target.com (301)

In Shopify target.com and www.target.com were not available but ftp.target.com was and I was able to takeover the subdomain.