5 matches found

Hacker One
added 2021/01/26 4:31 a.m., 78 views

Shopify: Open Redirect on Login Page of Stocky App

Vulnerable app is Stocky. 1. Visit login page of app with vulnerable parameter & malicious website address ?returnto=//evil.com like https://stocky.shopifyapps.com/users/login?returnto=//evil.com 2. Then log in to account 3. Open Redirect is executed. PoC Video: F1172071. Impact: Open Redirect...

AI score: 0.7
Exploits: 0

Hacker One
added 2020/08/20 2:48 a.m., 164 views

Shopify: Stocky App Administrator can create a backdoor admin account by using an existing POS User

Details: The Stocky App has POS Users that are being created once a POS Staff logs into the application from the Point Of Sale application on a mobile device. From the users management page located at https://stocky.shopifyapps.com/users there's no visible way to edit those POS users. Although,...

AI score: 6.7
Exploits: 0

Hacker One
added 2020/06/15 6:9 p.m., 205 views

Shopify: Password reset link not expired at Stocky App

You can use the password reset link to reset the password multiple times. Steps: 1. Go to https://stocky.shopifyapps.com/users/forgottenpassword and send the password reset link to your email. If this page doesn't appear you should add login details via this https://stocky.shopifyapps.com/preferences/use...

AI score: 7.2
Exploits: 0

Hacker One
added 2020/02/22 8:9 a.m., 14 views

Shopify: user with no draft order permission can still perform action on draft order's in stocky app (idor)

@imranhudaa reported that the Shopify Stocky application was missing a permission check to download purchase orders. We implemented the missing check to resolve the issue. This is a limited disclosure at their request...

AI score: 2.7
Exploits: 0

Hacker One
added 2019/12/24 11:6 a.m., 28 views

Shopify: Disclose Any Store products, Files, Purchase Orders Via Email through Shopify Stocky APP

Hello Shopify Security Team! Bug Summary: This bug leads to disclosure of any store's products, files, purchase orders through the Shopify Stocky app. It is a bug in a Shopify app but it affects stores also. Reproduction steps: Go to apps.shopify.com and install the Stocky app. Now you will be redirected to thi...

AI score: 6.9
Exploits: 0