Full Disclosure: Shopify (Bug Bounty) - XML External Entity Vulnerability

Nmap Security Scanner
- Intro
- Ref Guide
- Install Guide
- Download
- Changelog
- Book
- Docs
Security Lists
- Nmap Hackers
- Nmap Dev
- Bugtraq
- Full Disclosure
- Pen Test
- Basics
- More
Security Tools
Site News
Advertising
About/Contact
Sponsors:

Full Disclosure mailing list archives

Shopify (Bug Bounty) - XML External Entity Vulnerability

From: Mark Litchfield <mark () securatary com>
Date: Mon, 17 Feb 2014 00:11:38 -0800

Shopify suffered from an XXE attack within their online stores domain -*.myshopify.com

They were extremely quick in confirming and fixing the issue (eventhough it was a Sunday).

Full details with the usual screen shots can be found athttp://www.securatary.com


--
All the best

Mark Litchfield
http://www.securatary.com
Twitter - http://twitter.com/securatary


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Shopify (Bug Bounty) - XML External Entity Vulnerability Mark Litchfield (Feb 17)