Shopify: authenticity token not verfied leads to change business name

Hello security team , while sign up I have noticed that authenticity token is not verified leads to change info like business name Steps to reproduce 1- visit this url https://www.shopify.com/partners and add you mail then click on join now 2- Then fill out your data and click on create new partn...

HackerOne: Spamming any user from Reset Password Function

It is possible to spam any user whose email-id is known. This can be combined with csrf attack i.e automated to send 50 emails with a click. This is reset password form --- Forgot password To retrieve your password enter the email address you used to sign up. Here, authencity token can be used mo...