Sign up for the mailing list: https://bbre.dev/nl
Follow me on Twitter: https://bbre.dev/tw
This time I have more than one bug bounty report for you. There are three reports in total, but they all affect the same functionality and are closely related. They exploited the email verification flow and led to authentication bypass and account takeover on Shopify.
Report links:
https://hackerone.com/reports/791775
https://hackerone.com/reports/796808
https://hackerone.com/reports/796956
Hacker:
https://hackerone.com/ngalog
https://twitter.com/ngalongc
Reconless Channel:
https://www.youtube.com/channel/UCCp25j1Zh9vc_WFm-nB9fhQ
Follow me on Twitter:
https://twitter.com/gregxsunday
Timestamps:
00:00 Introduction
00:33 Verifying a person's email address
01:28 Exploiting an email confirmation vulnerability
02:06 First fix
03:50 Limited impact and third report
05:20 Escalation of impacts
#auth #bypass #shopify #hackerone #ato #account #takeover