Welcome back to the channel, guys. In this episode we will cover two vulnerabilities: Firebase Database Information Leakage and External Storage Information Leakage.
The Firebase Database holds sensitive information, including users' information and other company information. To test for the leak, decompile the application, search for the Firebase link, and add '.json' after the Firebase URL. If the URL leaks any kind of information, the vulnerability is present. This is a P1 vulnerability.
External storage information leakage works on a similar principle. Decompile the APK and search for sensitive XML documents. If any 'config', 'backup', 'keys' or other suspicious XML document is present, open it and search for sensitive information. This vulnerability comes under P2.
Both are Android vulnerabilities and are therefore a bit complex.
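Both checks above can be run by a developer against their own app's decompiled output before release. The script below is an added example, not code from the video or the sample reports. The function names, the sample tree and the host name in it are constructed for illustration, and the script only reads local files.

```python
import re
import tempfile
from pathlib import Path

# Realtime Database hosts embedded in resources (e.g. res/values/strings.xml).
FIREBASE_URL = re.compile(r"https://[a-z0-9-]+\.firebaseio\.com", re.I)
# File-name hints taken from the description above.
NAME_HINTS = ("config", "backup", "keys")


def audit_decompiled_apk(root):
    """Return (firebase_check_urls, suspicious_xml_paths) for a decompiled APK tree."""
    root = Path(root)
    urls, suspicious = set(), []
    for path in sorted(root.rglob("*.xml")):
        text = path.read_text(encoding="utf-8", errors="replace")
        for match in FIREBASE_URL.finditer(text):
            # Appending /.json addresses the database root over the REST API.
            urls.add(match.group(0).lower() + "/.json")
        if any(hint in path.name.lower() for hint in NAME_HINTS):
            suspicious.append(path.relative_to(root).as_posix())
    return sorted(urls), suspicious


def build_sample_tree(root):
    """Constructed sample standing in for decompiler output; all values are made up."""
    root = Path(root)
    (root / "res" / "values").mkdir(parents=True)
    (root / "res" / "xml").mkdir(parents=True)
    (root / "res" / "values" / "strings.xml").write_text(
        '<resources><string name="firebase_database_url">'
        "https://constructed-sample-app.firebaseio.com</string></resources>",
        encoding="utf-8",
    )
    (root / "res" / "xml" / "backup_rules.xml").write_text("<full-backup-content/>", encoding="utf-8")
    (root / "res" / "xml" / "api_keys.xml").write_text("<keys/>", encoding="utf-8")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        urls, files = audit_decompiled_apk(build_sample_tree(tmp))
        print("Firebase URLs to verify are not publicly readable:", urls)
        print("XML files to review for secrets:", files)
```

Any URL it lists should return a permission error when opened without authentication, and any file it lists should be reviewed for secrets before the build ships.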
APK Easy Tool - https://www.filehorse.com/download-ap...
Sample Report (Firebase) - https://pastebin.com/9i26WufL
Sample Report (External Storage) - https://pastebin.com/EN336c34
Do comment if you have any doubts, and do like and subscribe to the channel for more cybersecurity-related content.
#cybersecurity #bugbountytips #bugbounty #howto #firebase #android