Shopify (Bug Bounty) - XML External Entity Vulnerability

[Mark Litchfield <mark () securatary com>]

Shopify suffered from an XXE attack within their online stores domain - 
*.myshopify.com

They were extremely quick in confirming and fixing the issue (even 
though it was a Sunday).

Full details with the usual screen shots can be found at 
http://www.securatary.com

--
All the best

Mark Litchfield
http://www.securatary.com
Twitter - http://twitter.com/securatary


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/