Open redirect in bulk edit
Unknown
Vulnerability Details
Hi ,
I have found an open redirection issue when bulk editing resources.
#PoC:
Go to `https://<shop>.myshopify.com/admin/bulk?resource_name=Product&return_to=/..//evil.com` then click the **Close** button and you'll go to *evil.com*
Thanks!
Actions
View on HackerOneReport Stats
- Report ID: 169759
- State: Closed
- Substate: resolved
- Upvotes: 28