Web Application Security
Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Shopify (Bug Bounty) - XML External Entity Vulnerability
Feb 17 2014 08:10AM
Mark Litchfield (mark securatary com)
Shopify suffered from an XXE attack within their online stores domain -
They were extremely quick in confirming and fixing the issue (even
though it was a Sunday).
Full details with the usual screen shots can be found at
All the best
[ more ]
Copyright 2010, SecurityFocus