Shopify: Open redirect using theme install

ID H1:101962
Type hackerone
Reporter blinkms
Modified 2015-12-14T21:38:41


An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it.

Vulnerable Endpoint -
Impact - Medium
CVSS - 6.5

Proof of concept:

[1] Go to
[2] You will be redirected to
[3] I can host a site where /admin is not 404 {not valid page}. This can lead to and increase the risk of phishing attacks, and so on.
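The validation that the report describes as missing, sketched as an added example (not part of the original report and not Shopify's code). It assumes the endpoint receives a shop host in a parameter and redirects to that host's /admin; `admin_redirect_url`, `TRUSTED_SUFFIX` and the `.shops.example` domain are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Assumption: legitimate redirect hosts are subdomains of one trusted suffix.
TRUSTED_SUFFIX = ".shops.example"  # constructed placeholder domain
LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")
FORBIDDEN = re.compile(r"[\s\\\x00-\x1f\x7f]")  # whitespace, backslash, control chars


def admin_redirect_url(shop_param):
    """Return https://<trusted host>/admin, or None when the value must be refused."""
    if not isinstance(shop_param, str) or FORBIDDEN.search(shop_param):
        return None
    value = shop_param.lower()
    if "://" not in value:
        value = "https://" + value  # treat a bare value as a host name
    try:
        parts = urlsplit(value)
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return None
    if parts.scheme != "https" or port is not None:
        return None
    # "trusted@evil.example" parses with the attacker host as the real hostname.
    if parts.username is not None or parts.password is not None:
        return None
    host = parts.hostname or ""
    if not host.endswith(TRUSTED_SUFFIX):
        return None
    if not all(LABEL.match(label) for label in host.split(".")):
        return None
    # Build the destination from the validated host only; path and query are dropped.
    return "https://" + host + "/admin"


if __name__ == "__main__":
    # Constructed sample inputs, not values taken from the report.
    for sample in ["store1.shops.example", "evil.example",
                   "store1.shops.example@evil.example", "//evil.example"]:
        print(repr(sample), "->", admin_redirect_url(sample))
```

Refused values should produce an error page or a fixed default destination rather than a redirect.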