Report links:
https://hackerone.com/reports/791775
https://hackerone.com/reports/796808
https://hackerone.com/reports/796956
Hacker:
https://hackerone.com/ngalog
https://twitter.com/ngalongc
Reconless channel:
https://www.youtube.com/channel/UCCp25j1Zh9vc_WFm-nB9fhQ
Follow me on Twitter:
https://twitter.com/gregxsunday
Timestamps:
00:00 Intro
00:33 verifying someone’s email address
01:28 exploiting email confirmation vulnerability
02:06 first fix
03:50 limited impact and third report
05:20 escalating the impact
#auth #bypass #shopify #hackerone #ato #account #takeover