A simple Python Exploit to Write Data to Insecure/vulnerable firebase databases! Commonly found inside Mobile Apps. If the owner of the app have set the security rules as true for both "read" & "write" an attacker can probably dump database and write his own data to firebase db.

MuhammadKhizerJaved

MuhammadKhizerJaved Last update: Feb 20, 2024

Insecure-Firebase-Exploit

A simple Python Exploit to Write Data to Insecure/vulnerable firebase databases! Commonly found inside Mobile Apps. If the owner of the app have set the security rules as true for both "read" & "write" an attacker can probably dump database and write his own data to firebase db.

Blog:

https://blog.securitybreached.org/2020/02/04/exploiting-insecure-firebase-database-bugbounty/

Usage:

Firebase-Write-Permission-Exploit.py This is the Updated Version of Exploit i made. Now simply give the Database Name, File Name You wish to create, Your Information. And Write it to the Insecure/vulnerable firebase databases.

python Firebase-Write-Permission-Exploit.py

Enter Firebase Databse Name: <Database Name Here>
Enter Your Filename: <File Name Here>
Enter your name: <Your Name Here>
Enter your email: <Your Email Here>
Enter your Blog: <Your Contact link Here>
Enter A Message: <A Message you want to display alongside the basic Exploit info>

Thanks to

Thanks to friends for a better POC idea and helping with errors.

Daniyal Nasir: https://www.facebook.com/786daniyal Ijaz Ur Rahim: https://www.facebook.com/MisterDebugger

Tags:

Owner

MuhammadKhizerJaved

MuhammadKhizerJaved

GitHub Repository https://github.com/MuhammadKhizerJaved

DRF-like declarative viewsets for FastAPI

Core functionality only (basic viewsets & schema classes): Database tools: Let's create a viewset for managing content posts. It will provide full kit of actions with simple mock data: Pseudocode…

Python ticketing utility for working with tickets in popular tools

ticketutil is a Python module that allows you to easily interact with various ticketing tools using their REST APIs. Currently, the supported tools are JIRA, RT, Redmine, Bugzilla, and ServiceNow. Al…

HUB REST API Python bindings

The hub-rest-api-python provides Python bindings for Hub REST API. Introducing the new Client class. In order to provide a more robust long-term connection, faster performance, and an overall better …

:evergreen_tree: Python module for communicating with the Taiga API

Warning

IDEX v3 Exchange REST API python implementation

The examples above use the wallet private key when creating the Client to specify which wallet to interact with. IDEX v3 supports the Mumbai testnet as a sandbox to test functionality. For other toke…

Serving a keras model (neural networks) in a website with the python Django-REST framework.

Python library to interface with Gerrit's REST API

Pygerrit2 is tested on the following platforms and Python versions: Support for Python 2.x is no longer guaranteed. To install pygerrit2, simply: This simple example shows how to get the user's open …

Code repository for Building RESTful Python Web Services, published by Packt

All of the code is organized into folders. Each folder starts with a number followed by the application name. For example, Chapter02. The code will look like the following: In order to work with the …

⛔️ [DEPRECATED] python wrapper for Firebase's REST API

A very simple wrapper for Firebase's REST API. Install python-firebase using pip: or with easy_install (not recommended): Then simply import firebase at the top of your python script: and then instan…

Quickly turn command-line applications into RESTful webservices with a web-application front-end. You provide a specification of your command line application, its input, output and parameters, and CLAM wraps around your application to form a fully fledged RESTful webservice.

CLAM allows you to quickly and transparently transform your Natural Language Processing application into a RESTful webservice, with which both human end-users as well as automated clients can interac…