Skip to content

A simple Python Exploit to Write Data to Insecure/vulnerable firebase databases! Commonly found inside Mobile Apps. If the owner of the app have set the security rules as true for both "read" & "write" an attacker can probably dump database and write his own data to firebase db.

MuhammadKhizerJaved/Insecure-Firebase-Exploit

master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
Dec 20, 2021

Insecure-Firebase-Exploit

A simple Python Exploit to Write Data to Insecure/vulnerable firebase databases! Commonly found inside Mobile Apps. If the owner of the app have set the security rules as true for both "read" & "write" an attacker can probably dump database and write his own data to firebase db.

Blog:

https://blog.securitybreached.org/2020/02/04/exploiting-insecure-firebase-database-bugbounty/

Usage:

Firebase-Write-Permission-Exploit.py This is the Updated Version of Exploit i made. Now simply give the Database Name, File Name You wish to create, Your Information. And Write it to the Insecure/vulnerable firebase databases.

Usage POC Image

python Firebase-Write-Permission-Exploit.py

Enter Firebase Databse Name: <Database Name Here>
Enter Your Filename: <File Name Here>
Enter your name: <Your Name Here>
Enter your email: <Your Email Here>
Enter your Blog: <Your Contact link Here>
Enter A Message: <A Message you want to display alongside the basic Exploit info>

Thanks to

Thanks to friends for a better POC idea and helping with errors.

Daniyal Nasir: https://www.facebook.com/786daniyal Ijaz Ur Rahim: https://www.facebook.com/MisterDebugger

About

A simple Python Exploit to Write Data to Insecure/vulnerable firebase databases! Commonly found inside Mobile Apps. If the owner of the app have set the security rules as true for both "read" & "write" an attacker can probably dump database and write his own data to firebase db.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages