Create free Shopify application credits ($2900 USD)

We discussed this vulnerability during Episode 81 on 13 September 2021

The Shopify GraphQL endpoint has a mutation appCreditCreate for Shopify apps to issue credits to merchants that can be used towards future app purchases. While this mutation cannot be used through the GraphQL endpoint at /admin/internal/web/graphql/core the GraphiQL app provided by Shopify however does allow the mutation. Allowing unauthorized users to create credits