hackerone | Ahmedalahmed | H1:982510
Sep 15, 2020 - 9:58 a.m.

Shopify: Self XSS

2020-09-15 09:58:16
ahmedalahmed
hackerone.com
$500
67

I have found a self-XSS in myshopify.com/admin/apps/import-store/
POC

1 - Go to yourstore.myshopify.com
2 - Go to Settings > App -> Import [it may ask you for your platform; select any one]
3 - Upload a CSV file with the XSS payload "><img src> as the file name

Impact

XSS Attack
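
Added example, not part of the original report and not Shopify's code: a file-name renderer that concatenates the uploaded name into HTML, next to the output-encoded version, with a regression check run over the file name from the report. The markup, the function names and the `.csv` suffix on the payload are assumptions made for illustration; the report does not show how the import page builds its HTML.

```javascript
// Added illustration: hypothetical markup and helper names, not Shopify's code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the uploaded file name is concatenated into a quoted
// attribute and a text node without encoding.
function renderUploadRowUnsafe(fileName) {
  return '<li class="upload" title="' + fileName + '">' + fileName + '</li>';
}

// Hardened pattern: same markup, the dynamic value is encoded first.
function renderUploadRowSafe(fileName) {
  const name = escapeHtml(fileName);
  return '<li class="upload" title="' + name + '">' + name + '</li>';
}

// Count element start tags in a rendered fragment.
function countStartTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

// Regression check: a file name must not change how many elements the row
// contains. It detects injected elements only, not every encoding defect.
function fileNameInjectsMarkup(render, fileName) {
  const baseline = countStartTags(render('baseline.csv'));
  return countStartTags(render(fileName)) !== baseline;
}

// Constructed sample names; the last is the report's payload plus ".csv".
const REPORTED_NAME = '"><img src>.csv';
const SAMPLE_NAMES = ['products.csv', 'Q3 & Q4 export.csv', REPORTED_NAME];

// Return the sample names for which the renderer emits extra elements.
function auditRenderer(render) {
  return SAMPLE_NAMES.filter((name) => fileNameInjectsMarkup(render, name));
}

console.log('unsafe renderer flagged:', auditRenderer(renderUploadRowUnsafe));
console.log('safe renderer flagged:  ', auditRenderer(renderUploadRowSafe));
```

In a browser, assigning the name through `textContent` or `setAttribute` gives the same result as the encoded renderer without building HTML strings at all.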