Shopify is vulnerable by a New FingerPrint

[m7mdharoun]

Shopify

Proof

https://hackerone.com/reports/416474

Documentation

Not Only FingerPrint Sorry, this shop is currently unavailable.
New FingerPrint that I've found in my report Now Your domain ( Name of subdomain ) is ready to connect to your Shopify Shop

[codingo]

This isn't really a new fingerprint, it's an edge case. Tested this now and it requires the store to be created, but never linked to the domain. Even if the shop is in the portal with a status of "not connected" (i.e. added to any account in advance of DNS), it can not be taken over.

Going to call this an edge case since there's some truth to it, but I think it's a fairer assessment to say it's not vulnerable as it's such an unlikely scenario that somebody would point DNS before adding their domain into their account.

[codingo]

Resolved in #52

[marcelo321]

hello @codingo,

I have found several subdomains that had the fingerprints:

Sorry, this shop is currently unavailable.

But when visiting the CNAME, it showed a perfectly working shop in shopify.

So shop.example.com was giving me "shop is currently unavailable" but when visiting example.myshopify.com it was a perfectly working shop.

Is this still vulnerable?

[Mouja0412]

Hello @codingo
I managed to takeover a subdomain, I had this fingerprint "Only one step left!
To finish setting up your new web address, go to your domain settings, click "Add existing domain", and enter: yourdomainname

Verify if the name of the store is available or not
Add your domain without the www's under Online store > Domains.

https://medium.com/@thebuckhacker/how-to-do-55-000-subdomain-takeover-in-a-blink-of-an-eye-a94954c3fc75

[NagliNagli]

I tookover a domain like the example above as well.

[h4ckdi]

I just managed to takeover subdomain with fingerprint "Only one step left!

[wicked-wick]

I did the same as explained above ? will this be accepted?

[wouterdedroog]

I recently had a subdomain takeover on Shopify as well as described above

[ibk96]

Date: 04/09/2022

I takeover one.

[FalcoXYZ]

Just took over a subdomain with "Only one step left" fingerprint. Same procedure as Mouja0412

[sl4x0]

I take over a subdomain called: https://shop.target.de/ and It has all the mentioned fingerprints.

[xElkomy]

Shopify is Still Vulnerable ❤️

[Attacker991]

"Upon visiting the domain, I received the message "Sorry, this store is currently unavailable." However, Shopify indicates that the same domain, flagged as vulnerable to takeover by Nuclei, is currently in use. Can someone clarify this discrepancy and its implications for subdomain takeover?

[Attacker991]

.

[WadQamar10]

Shopify is not vulnerable to Subdomain Takeover anymore right? Because i faced this message in the photo, when i tried to takeover a subdomains

[paxnull]

Shopify is not vulnerable to Subdomain Takeover anymore right? Because i faced this message in the photo, when i tried to takeover a subdomains

that domain is already connected with another shopify, so in that case, it doesnt vulnerable to subdomain takeover