Easiest P3 You May Not Know

Hello , I am Muneeb and this write up shows a step by step POC on how you can find easily a P3 vulnerability in any VDP or BB program.

Reported unauthorised access to FireBase of a Mobile Application via BugCrowd

Vulnerability Description:
A mobile application apk containing a sensitive URL but not securely handled. During the testing it was discovered that a known mobile application contains a URL to it’s Firebase database upon accessing the URL it was accessed without any authentication . Please see the below step by step POC showing how you can test any apk for this vulnerability.

Steps to Reproduce

1. Use APK Editor studio or any tool to de-compile apk
2. go to the path apkpackage/res/values/ and open file strings.xml using notepad
3. You will see complete database URL in the file.
4. <string name=”firebase_database_url”>https://<nameOFMobileApp>-mobile-application.firebaseio.com</string>
5. now access this URL on browser

https://<nameOFMobile>-application.firebaseio.com/.json

6. Now you have accessed the firebase without any authentication. See the below attached image.

Unauthorised access to Firebase (Sensitive Information Disclosed)

Developer email ID disclosed

Conclusion:
1. Always look for firebase URL while testing APK’s. You may discover an unauthenticated Firebase.
2. You can also use MobSF tool for automated scan over APKs but I prefer manual testing.
3. Unfortunately this was a duplicate.

If you find this write up useful considering giving it a clap. Follow me for more easy to understand write ups.
Thank you for reading.
Connect with me on LinkedIn:
https://www.linkedin.com/in/muneeb-alam-khan-4a6a60152/