EdOverflow/can-i-take-over-xyz

Shopify is vulnerable by a New FingerPrint

m7mdharoun opened this issue · 14 comments

Shopify

Proof

https://hackerone.com/reports/416474

Documentation

Not only the fingerprint "Sorry, this shop is currently unavailable."
New fingerprint that I've found in my report: "Now Your domain ( Name of subdomain ) is ready to connect to your Shopify Shop"

This isn't really a new fingerprint, it's an edge case. Tested this now and it requires the store to be created, but never linked to the domain. Even if the shop is in the portal with a status of "not connected" (i.e. added to any account in advance of DNS), it cannot be taken over.

Going to call this an edge case since there's some truth to it, but I think it's a fairer assessment to say it's not vulnerable as it's such an unlikely scenario that somebody would point DNS before adding their domain into their account.

Resolved in #52

Hello @codingo,

I have found several subdomains that had the fingerprint:

"Sorry, this shop is currently unavailable."

But when visiting the CNAME, it showed a perfectly working shop in Shopify.

So shop.example.com was giving me "shop is currently unavailable" but when visiting example.myshopify.com it was a perfectly working shop.

Is this still vulnerable?

Hello @codingo,
I managed to take over a subdomain. I had this fingerprint: "Only one step left!
To finish setting up your new web address, go to your domain settings, click 'Add existing domain', and enter: yourdomainname"

Verify if the name of the store is available or not
Add your domain without the www's under Online store > Domains.

https://medium.com/@thebuckhacker/how-to-do-55-000-subdomain-takeover-in-a-blink-of-an-eye-a94954c3fc75

I took over a domain like the example above as well.

I just managed to take over a subdomain with the fingerprint "Only one step left!"

I did the same as explained above. Will this be accepted?

I recently had a subdomain takeover on Shopify as well as described above

ibk96 commented

Date: 04/09/2022

I took over one.

Just took over a subdomain with "Only one step left" fingerprint. Same procedure as Mouja0412

sl4x0 commented

I took over a subdomain called https://shop.target.de/ and it has all the mentioned fingerprints.

Shopify is Still Vulnerable ❤️

Upon visiting the domain, I received the message "Sorry, this store is currently unavailable." However, Shopify indicates that the same domain, flagged as vulnerable to takeover by Nuclei, is currently in use. Can someone clarify this discrepancy and its implications for subdomain takeover?