Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Blog posts atom feed of a store with password protection can be accessed by anyone - 679

Xenx - HackerOne, posted 4 years ago
  • Shopify is a complete commerce platform that lets you start, grow, and manage a business. A store's blog exposes an Atom feed, which is similar to RSS, and it can be protected by a password.
  • The Atom feed was password protected, but a preview version of the feed could be found that exposed the post titles and some of the content without the password. Viewing it leaked private information.
  • Overall, this was a really simple bug: just a lack of auth on an endpoint. Accessing data through an unexpected path (here, a preview endpoint) often bypasses the access control on the main one. This reminds me of a Dropbox vulnerability from 2020.