Shopify: Access to Private Photos of Apps in App section(IDOR)

Bug location : https://MyShop.myshopify.com/admin/apps Description : Previewing the Photo In App section Request is vulnerable to IDOR attack where changing the ID leads to Disclose Link of Private photos. Also It discloses the Shop Domain details also. The request goes through...