Shopify Subdomain Takeover

In this write-up, I will be demonstrating about an easy “Subdomain Takeover via Shopify” that anyone can possibly do following these steps. Even i had not done subdomain takeover via Shopify before this.

This is my first write-up on subdomain takeover in which i was easily able to claim 3 subdomains of an organization. Put my content on it and redirect their traffic to my site or any site.

Subdomain takeover is basically when an attacker gains control over subdomain of a target domain. For example- let’s say there is example.com and it’s subdomain is accounts.example.com. Here, I was able to control accounts.example.com and put any content on it which is an asset of example.com.

So, It was huge target with subdomains more then 500. I had made a script that scans the subdomains of target(both active and passive) and then scan for takeovers with few tools. So, I supplied target.com on my Virtual Private Server (VPS) for scanning and left it overnight.

Next day, I got results where 3 of subdomains were vulnerable to Subdomain takeover. I had got lot’s of false positive before this but i don’t care about it. I am always fresh when i get sign of vulnerability and dig deep into. I browsed all of them and saw this.

Fig: Shows that this subdomain is vulnerable

Fig: Claiming vulnerable subdomain as mine

As i said, It was not just one site. I had got three subdomains in same condition. So, claimed them as well.

Fig: Connected all three subdomain and redirected 2 of them to my main site

I was also able to redirect the traffic of those subdomains to my recently created Sahil-XX.myshopify.com. I found this stuff very cool. Later, I went home from office and changed the content of site like this one. LOL😂

Fig: Takeover successful

Hope you liked reading my content and feel free to comment if you have any questions.

Peace out !!