Back to directory

WRITEUP #3691

Shopify Multipass Misconfiguration

Auth BypassBroken authenticationLogic flaw

byAhmed A. Sherif

Program

-

Published

Jun 5, 2021

Added to HackDex

Sep 15, 2022

Read Full Writeuphttps://batee5a.medium.com/shopify-multipass-misconfiguration-2bc85e92ad1d

▸ RELATED WRITEUPS

Account Takeover via Broken Authentication Workflow: Free Lifetime Streaming!

Auth BypassBroken authentication

Plug Security Holes in React Apps That Can Lead to API Exploitation

Interesting Business Logic Error leads to Pre-Account Takeover via Verification bypass on GoogleVRP

Auth BypassAccount takeover

Logic Flaw: I Can Block You from Accessing Your Own Account

Logic BugLogic flaw

Interesting Story of an Account Takeover Vulnerability

Auth BypassAccount takeover

Built with ❤️ by Shubham Rawat