Shopify: Open redirect using theme install

2015-11-25T07:39:40
ID H1:101962
Type hackerone
Reporter blinkms
Modified 2015-12-14T21:38:41

Description

An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it.

Vulnerable Endpoint - https://app.shopify.com/services/google/themes/preview/supply--blue?domain_name=example.com Impact - Medium CVSS - 6.5

Proof of concept :-

[1] Go to https://app.shopify.com/services/google/themes/preview/supply--blue?domain_name=example.com [2] You will be redirected to http://example.com/admin [3] I can host a site where /admin is not 404 {not valid page } , This can lead and increase risk of phisiing attacks & so on .