



Firebase Allow Anonymous Read and Write Access

Description:

A simple Python exploit to write data to insecure/vulnerable Firebase databases, which are commonly found inside mobile apps. If the owner of the app has set the security rules to true for both "read" and "write", an attacker can probably dump the database and write their own data to the Firebase DB.

How to Find the Firebase URLs:

Firebase Scanner:

2. More than 3,000 apps were leaking data from 2,300 unsecured servers. Of these, 975 apps were in active customer environments.

Firebase-Exploit:

python Firebase-Write-Permission-Exploit.py

Sample POC

Mitigation:

The application should restrict read and write access permissions.
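
To check your own rules for the misconfiguration described above, here is an added example (not part of the original post or of the exploit script it mentions): a small Python audit that walks a Realtime Database rules document and reports every path where `.read` or `.write` is unconditionally true. The rule sets are constructed samples, the names `find_open_rules`, `is_unconditional`, `users` and `public_news` are hypothetical, and the rules are assumed to be plain JSON without comments.

```python
import json

# Constructed sample rule sets (not taken from any real app).
WEAK_RULES = json.loads('{"rules": {".read": true, ".write": true}}')

HARDENED_RULES = json.loads("""
{"rules": {
  "users": {"$uid": {
    ".read":  "auth != null && auth.uid == $uid",
    ".write": "auth != null && auth.uid == $uid"}},
  "public_news": {".read": "true", ".write": false}
}}
""")


def is_unconditional(value):
    """True when a rule grants access to everyone, signed in or not."""
    if isinstance(value, bool):
        return value
    return isinstance(value, str) and value.strip() == "true"


def find_open_rules(doc):
    """Return sorted (path, permission) pairs open to anonymous clients.

    .read/.write grants cascade downward in Realtime Database rules: a
    deeper rule cannot revoke what a parent granted, so a finding at "/"
    means the whole database is exposed.
    """
    findings = []

    def walk(node, path):
        for key, value in node.items():
            if key in (".read", ".write"):
                if is_unconditional(value):
                    findings.append((path or "/", key))
            elif isinstance(value, dict):
                walk(value, f"{path}/{key}")

    walk(doc.get("rules", {}), "")
    return sorted(findings)


if __name__ == "__main__":
    for name, doc in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(name, find_open_rules(doc))
```

The `/public_news` finding in the hardened sample is a deliberate public read; the check surfaces it for review rather than deciding whether it is acceptable.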
