Shopify | Buy Button | Persistent Embed POST Inject Vulnerability

Shopify - Embed POST Inject Vulnerability

Vulnerability Lab found a Persistent Embed POST inject Vulnerability in the official shopify.com web application. The vulnerability allows attackers to create a "Buy Button" including malicious code. By embeding this button on an external page or if the button is displayed within the shopify market the code gets executed.

POC Video: Shopify Bug Bounty - (Buy Button) Persistent Embed POST Inject Vulnerability

Reference(s):

http://www.vulnerability-lab.com/get_content.php?id=1556

Rate this article: 
Average: 5 (4 votes)

Comments

Good quality and also it's website,interesting place to visit. Thank you!

I appreciate everything you have added to my knowledge base.Admiring the time and effort you put into your magazine and detailed information you offer.Thanks

Glad I could visit this blog. No tired of her constantly listening to the articles that you write. Keep the spirit

an article which you discourse in indeed very useful, thank you so much

I really appreciate this blog, because the blog is so interesting and useful for me

Regular visits to this blog, I am happy to listen to all your articles.

I don't know how often I visit this blog. What I know this blog is very useful to add to my knowledge. Thank you so much.

I discovered your website by means of Google while searching for a related topic, your website got here up. It appears good. I have bookmarked it in my google bookmarks to come back then.

Add new comment

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.