Introduction

This is my bug bounty write up about firebase database takeover vulnerability which I found in android app. There are just a few resources about android hacking. This article aims to briefly documents about one of the android vulnerability called firebase database takeover vulnerability. For this purpose I will share my finding about this vulnerability. I will blur some of the company information. Being said that , let’s get jump in.

Steps To Reproduce

1. Download application from google playstore.

2. Use apk extractor to extract apk.

3. I used bluestack emulator.

4. Use apktool to decompile the application.

5. Go to res/values/strings/xml

6.Look for firebase url

7.I wrote a python script to insert data

8.POC(Proof Of Concept)

Impact

This application doesn’t need any access _token to insert data to the firebase database. It is completely open and anybody can access it without any credentials.

Timeline

Vulnerability Reported – 15 October, 2020 3:37 AM.

Replied – 15 October, 2020 12:31 PM

Rewarded $100 for two reports – 21 October, 2020 11:21 AM.

Conclusion

I really appreciate the company for very fast reply when I was submitting the vulnerability and they replied me to disclose this vulnerability. I really enjoy finding bugs in their organization and thanks for agreeing to disclose this report and rewarding me a bounty.

References

https://medium.com/@danangtriatmaja/firebase-database-takover-b7929bbb62e1