How I was able to find firebase database takeover vulnerability in a company
This is my bug bounty write up about firebase database takeover vulnerability which I found in android app. There are just a few resources about android hacking. This article aims to briefly documents about one of the android vulnerability called firebase database takeover vulnerability. For this purpose I will share my finding about this vulnerability. I will blur some of the company information. Being said that , let’s get jump in.
Steps To Reproduce
1. Download application from google playstore.
2. Use apk extractor to extract apk.
3. I used bluestack emulator.
4. Use apktool to decompile the application.
5. Go to res/values/strings/xml
6.Look for firebase url
7.I wrote a python script to insert data
8.POC(Proof Of Concept)
This application doesn’t need any access _token to insert data to the firebase database. It is completely open and anybody can access it without any credentials.
Vulnerability Reported – 15 October, 2020 3:37 AM.
Replied – 15 October, 2020 12:31 PM
Rewarded $100 for two reports – 21 October, 2020 11:21 AM.
I really appreciate the company for very fast reply when I was submitting the vulnerability and they replied me to disclose this vulnerability. I really enjoy finding bugs in their organization and thanks for agreeing to disclose this report and rewarding me a bounty.