Fetching external resources through svg images

Disclosed: 2016-06-21 06:19:16 By detroitsmash To shopify
Vulnerability Details
Hi,

I found exactly the same bug as #97501 at ``https://app.shopify.com/services/partners/api_clients/<APP-ID>`` when uploading the SVG image as the app icon.

### Steps to reproduce it

+ Make a new app at https://app.shopify.com/services/partners/api_clients
+ Go to the app settings at ``https://app.shopify.com/services/partners/api_clients/<APP-ID>``
+ Now upload the attached SVG image and change the xlink to your own.
+ Save changes and check your server log.

{F97509}

Thanks
Report Stats
  • Report ID: 142709
  • State: Closed
  • Substate: resolved
  • Upvotes: 30
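
A defensive check for the issue this report describes, added here as an example and not taken from the report or from Shopify's code: it parses an uploaded SVG and lists every `href`, `xlink:href` or CSS `url(...)` reference that points outside the file, so the upload can be rejected before any renderer fetches it. It goes slightly beyond the xlink case in the report by also covering `url(...)`; the function names, the sample SVGs and the `collector.example` host are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
HREF_ATTRS = {"href", XLINK_HREF}  # SVG 2 plain href and SVG 1.1 xlink:href
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.I)
RASTER_DATA = re.compile(r"data:image/(png|jpeg|gif);base64,", re.I)

# Constructed sample inputs (not the report's attachment).
SAMPLE_EXTERNAL = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" width="64" height="64">
  <image xlink:href="https://collector.example/icon.png" width="64" height="64"/>
  <rect width="64" height="64" style="fill:url(#grad)"/>
</svg>"""
SAMPLE_LOCAL = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" width="64" height="64">
  <defs><linearGradient id="grad"/></defs>
  <rect width="64" height="64" fill="url(#grad)"/>
  <use xlink:href="#grad"/>
</svg>"""


def is_local(ref):
    """True for same-document fragments and inline raster data URIs."""
    ref = ref.strip()
    return ref.startswith("#") or bool(RASTER_DATA.match(ref))


def external_refs(svg_bytes):
    """Return (element, attribute, value) for each reference leaving the file."""
    findings = []
    root = ET.fromstring(svg_bytes)  # raises ParseError on malformed input
    for el in root.iter():
        tag = el.tag.rsplit("}", 1)[-1]
        for name, value in el.attrib.items():
            attr = name.rsplit("}", 1)[-1]
            # href attributes hold one reference; others may embed CSS url()
            refs = [value] if name in HREF_ATTRS else CSS_URL.findall(value)
            findings += [(tag, attr, r) for r in refs if not is_local(r)]
        if tag == "style" and el.text:
            refs = CSS_URL.findall(el.text)
            findings += [(tag, "text", r) for r in refs if not is_local(r)]
    return findings


if __name__ == "__main__":
    for finding in external_refs(SAMPLE_EXTERNAL):
        print("reject upload, external reference:", finding)
```

CSS `@import "..."` written without `url()` is not covered; if app icons never need `<style>` elements, rejecting them outright is simpler.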