-
Notifications
You must be signed in to change notification settings - Fork 169
/
Copy path100956.txt
23 lines (19 loc) · 1.04 KB
/
100956.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
ReportLink:https://hackerone.com/reports/100956
WeaknessName:Violation of Secure Design Principles
Reporter:https://hackerone.com/jurajk
ReportedTo:Shopify(shopify)
BountyAmount:
Severity:
State:Closed
DateOfDisclosure:01.12.2015 22:39:11
Summary:
PoC:
1) Protect your e-shop with a password (Storefront password)
2) Go to your e-shop URL and enter the password to access the store
3) There is a cookie created - name: storefront_digest - this cookie contains the password (in a secure way) which protects your store
4) This cookie is not marked as HttpOnly, so if there is e.g. XSS, anyone can steal this cookie
5) With this cookie anyone can access your "Opening soon" e-shop, even if he doesn't know the password
Before you answered I would like to confirm that I read shopify terms and:
1) I don't care about he password strength. It is not important in that case
2) I am pretty sure that this cookie - storefront_digest - is a sensitive cookie since by stealing this cookie you can access resources you shouldn't be able to...
Thank you.