This is a summary of ways Firebase databases can disclose sensitive data via insecure rules.
Пікірлер: 6
@dumpperson34494 жыл бұрын
Hey @B3nac loving your content thanks for sharing with us 💓💓
@danimartinez74904 жыл бұрын
Hey I don't see where you get the injuredandroid.firebaseio.com url from, do you need to guess it? package.firebaseio.com or something like that? Regards
@B3nacSec4 жыл бұрын
Hi! You can find the InjuredAndroid firebase url in strings.xml or from the sqlite flag. Walk-throughs of the flags are located here github.com/B3nac/InjuredAndroid/blob/master/InjuredAndroid-FlagWalkthroughs.md.
@dineshdinz13854 жыл бұрын
is vulnerable APK available anywhere ?
@B3nacSec4 жыл бұрын
The APK is available here github.com/B3nac/InjuredAndroid. A Firebase flag is currently in development and will be available in the next update.
@dineshdinz13854 жыл бұрын
@@B3nacSec awsome CTF. I have tried most of them... Waiting for newer ones.