600 matches found
Over 4000 Android Apps Expose Users' Data via Misconfigured Firebase Databases
More than 4,000 Android apps that use Google's cloud-hosted Firebase databases are 'unknowingly' leaking sensitive information on their users, including their email addresses, usernames, passwords, phone numbers, full names, chat messages and location data. The investigation, led by Bob Diachenko...
Hiding in plain sight: PhantomLance walks into a market
In July 2019, Dr. Web reported about a backdoor trojan in Google Play, which appeared to be sophisticated and unlike common malware often uploaded for stealing victims' money or displaying ads. So, we conducted an inquiry of our own, discovering a long-term campaign, which we dubbed "PhantomLance...
Firebase-Extractor - A Tool Written In Python For Scraping Firebase Data
This tool is written in python2, the purpose of this tool is to parse all the results from Bing search. Basically, whenever a firebaseio URL is found for an app, the user, instead of searching for sensitive data by going manually through the search results, can use this tool. This tool works by using the...
MobiSystems Ltd.: open Firebase Database: msdict-dev.firebaseio.com
Summary: publicly available Firebase Database msdict-dev.firebaseio.com Steps To Reproduce: Version: Oxford Dictionary of English Freev11.1.511 in res/values/strings.xml https://msdict-dev.firebaseio.com Accessing your Firebase Database via https://msdict-dev.firebaseio.com/.json returns null...
MobiSystems Ltd.: Firebase Firestore insecure database
Summary: The app is exposing a firebase database url that has no read/write protections. Steps To Reproduce: 1. Decompile the Android app 2. Do a string search for firebasedatabase 3. Use the project name i.e. msdict-dev in combination with the Firestore REST API to modify the database. Supportin...
X (Formerly Twitter): Periscope-all Firebase database takeover
Hello, I found one public Firebase database of periscope.tv and I am able to insert data into this database. I only used it once for testing purposes, so other database queries are also possible. Please follow the link below to check the inserted test data. Periscope-all Firebase URL :-...
Mac-Focused Malvertising Campaign Abuses Google Firebase DBs
A malvertising group named VeryMal that targets Mac users has changed up its tactics, ditching steganography as its obfuscation technique. Instead, it’s using ad tags that fetch a payload from Google Firebase in order to redirect users to malicious pop-ups. Confiant estimates that close to 1...
How I Found the Database Vulnerabilities in the Donald Daters Application
On Monday night, as usual, I was watching TV to pass the time, but there was nothing interesting on. So I decided to look for some fun on my phone. I started aimlessly browsing through various tweets on Twitter, and some content pushed by Fox News caught my attention! One of Trump's supporters developed a...
@askelephant/firebase-tools (>=15.4.0 <=15.5.1), @erosolarcoder/erosolar-coder (>=1.0.87 <=1.0.93) +33 more potentially affected by unknown CVE via superstatic (>=0.4.11 <=5.0.1)
superstatic NPM version =0.4.11, =15.4.0, =1.0.87, =2.0.0, =0.3.0, =1.0.0-alpha.0, =0.1.1, =0.1.3, =1.0.0, =0.0.1, =2.0.0, =2.4.0 - @uniqueminds/firebase-tools =14.27.0 - @xanderia/xata =0.2.0 - angular-cli-firebase-hosting =0.1.0 - artificialintelligenceiseven =2.0.0 - claude-project =5.2.0 and...
Firebase Exploiting Tool - Exploiting Misconfigured Firebase Databases
Exploiting vulnerable/misconfigured Firebase databases Prerequisites Non-standard python modules: dnsdumpster bs4 requests Installation If the following commands run successfully, you are ready to use the script: git clone https://github.com/Turr0n/firebase.git cd firebase pip install -r...
Sql injection
The "Firebase Cloud Messaging FCM + Advance Admin Panel" component supporting Firebase Push Notification on iOS through 2017-10-26 allows SQL injection via the /advancepush/public/login username parameter...
CVE-2018-13850
The "Firebase Cloud Messaging FCM + Advance Admin Panel" component supporting Firebase Push Notification on iOS through 2017-10-26 allows SQL injection via the /advancepush/public/login username parameter...
CVE-2018-13850
The CVE-2018-13850 entry affects the Firebase Cloud Messaging (FCM) + Advance Admin Panel component used for Firebase Push Notification on iOS (up to 2017-10-26). The underlying issue is a SQL injection vulnerability triggered via the username parameter in /advance_push/public/login. This results...
Thousands of Mobile Apps Expose Their Unprotected Firebase Hosted Databases
Mobile security researchers have discovered unprotected Firebase databases of thousands of iOS and Android mobile applications that are exposing over 100 million data records, including plain text passwords, user IDs, location, and in some cases, financial records such as banking and cryptocurren...
Werewolf Online 0.8.8 - Information Disclosure Vulnerability
Exploit for Android platform in category local exploits Exploit Title: Werewolf Online 0.8.8 - Insecure Logging Software Link: https://play.google.com/store/apps/details?id=com.werewolfapps.online Download Link:...
Werewolf Online Android App Information Leakage Vulnerability
Werewolf Online is a "werewolf" game for Android. Werewolf Online Android 0.8.8 suffers from an information leakage vulnerability, which can be exploited by an attacker to discover Firebase tokens via logcat output...
Werewolf Online 0.8.8 - Information Disclosure
Werewolf Online 0.8.8 - Information Disclosure Exploit Title: Werewolf Online 0.8.8 - Insecure Logging Date: 2018-05-24 Software Link: https://play.google.com/store/apps/details?id=com.werewolfapps.online Download Link:...