nuclei-templates/misconfiguration/google/insecure-firebase-database....

38 lines
961 B
YAML
Raw Normal View History

2022-05-08 12:17:11 +00:00
id: insecure-firebase-database
info:
name: Insecure Firebase Database
author: rafaelwdornelas
severity: high
description: If the owner of the app have set the security rules as true for both "read" & "write" an attacker can probably dump database and write his own data to firebase database.
reference:
- https://blog.securitybreached.org/2020/02/04/exploiting-insecure-firebase-database-bugbounty
2022-05-08 12:18:27 +00:00
metadata:
2022-05-09 09:43:18 +00:00
verified: true
2022-05-08 12:17:11 +00:00
tags: firebase,google,misconfig
requests:
- raw:
- |
PUT /{{randstr}}.json HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"id":"insecure-firebase-database"}
- |
GET /{{randstr}}.json HTTP/1.1
Host: {{Hostname}}
req-condition: true
matchers-condition: and
matchers:
- type: word
part: body_2
words:
- '{"id":"insecure-firebase-database"}'
- type: status
status:
- 200