Shopify: Arbitrary read on s3://shopify-delivery-app-storage/files
Short ==== An attacker is able to read arbitrary files from the delivery app storage if the bucket key is known to him. Vector ==== 1 The victim uploads a.png to a product his shop located at https://myhackeronestore.myshopify.com. 1a The file is stored at...