Shopify Giftcard Cart

On December 22th, 2015, a bug bounty hunter called Juhhga reported another reflected XSS on Shopify. Let's check the request he made:

    Content-Disposition: form-data; 
    name="properties[Artwork file]" after: Content-Disposition:
form-data;
name="properties[Artwork file<img src='test'
onmouseover='alert(2)'>]";

He found that the Artwork File was vulnerable to XSS, and inserted the JavaScript code there.

If you want to read the complete report, you can find the original post here: https://hackerone.com/reports/95089.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.16.66.237