
Firebase Config Exposure

By kannthu

Severity: Low
Vidoc Module
Tags: #firebase #exposure #config
Description

What is the "Firebase Config Exposure"?

The "Firebase Config Exposure" module is designed to detect a specific misconfiguration in Firebase-backed applications: a client-side configuration file served from a predictable path. Firebase is a popular mobile and web application development platform that provides various services, including authentication, a real-time database, and cloud storage. This module focuses on identifying the security risk that comes from exposing that configuration information.

This module has a low severity level, indicating that the identified misconfigurations may not pose an immediate threat but should still be addressed to prevent potential security breaches.

Author: geeknik

Reference: https://github.com/firebase/firebaseui-web/blob/master/demo/public/sample-config.js

Impact

If the Firebase configuration is exposed, it can potentially allow unauthorized access to sensitive information, such as API keys, authentication domains, database URLs, and storage bucket details. Attackers could exploit this information to gain unauthorized access to the Firebase services, manipulate data, or perform other malicious activities.

How does the module work?

The "Firebase Config Exposure" module works by sending HTTP GET requests to specific paths within the target application, namely "/public/config.js" and "/config.js". It then applies matching conditions to each response to identify a potential misconfiguration.

The first matching condition checks for the presence of specific keywords in the response body: "apiKey:", "authDomain:", "databaseURL:", and "storageBucket:". All of these keywords must be found together for the condition to hold; if they are, the response is treated as an exposed Firebase configuration.

The module also verifies the HTTP response status code, requiring a successful response (status code 200) for the requested path. Only when both conditions are satisfied does the module report a finding.
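The same two conditions, re-implemented as a small offline check you can run against captured responses from your own deployment. This is an added example, not the module's own code; the sample responses are constructed, and the field-extraction helper is an addition that shows which values would be public.

```python
import re
from dataclasses import dataclass

# Paths the module probes (from the module preview).
PROBE_PATHS = ("/public/config.js", "/config.js")

# Keywords the module requires; the "and" condition means every one must be present.
REQUIRED_WORDS = ("apiKey:", "authDomain:", "databaseURL:", "storageBucket:")

# Pulls `name: "value"` or `name: 'value'` pairs for the fields the module looks for.
_FIELD_RE = re.compile(
    r'(apiKey|authDomain|databaseURL|storageBucket)\s*:\s*["\']([^"\']*)["\']'
)


@dataclass
class Finding:
    path: str
    exposed_fields: dict  # field name -> value as served to any visitor


def matches(status: int, body: str) -> bool:
    """Reproduce the module's matching conditions: HTTP 200 and all keywords present."""
    return status == 200 and all(word in body for word in REQUIRED_WORDS)


def extract_fields(body: str) -> dict:
    """List the exposed values so a defender can review exactly what is public."""
    return {name: value for name, value in _FIELD_RE.findall(body)}


def check_response(path: str, status: int, body: str):
    """Return a Finding when the response would trigger the module, else None."""
    if not matches(status, body):
        return None
    return Finding(path=path, exposed_fields=extract_fields(body))


# Constructed sample responses (not from any real deployment): one exposed config,
# one unrelated settings file, and one keyword hit with a non-200 status.
SAMPLE_RESPONSES = [
    ("/public/config.js", 200, 'var config = {\n  apiKey: "EXAMPLE-API-KEY",\n'
     '  authDomain: "example-app.firebaseapp.com",\n'
     '  databaseURL: "https://example-app.firebaseio.com",\n'
     '  storageBucket: "example-app.appspot.com"\n};'),
    ("/config.js", 200, "window.settings = { theme: 'dark' };"),
    ("/config.js", 404, "apiKey: authDomain: databaseURL: storageBucket:"),
]


def scan(responses=SAMPLE_RESPONSES):
    """Apply the check to every captured (path, status, body) triple."""
    findings = []
    for path, status, body in responses:
        finding = check_response(path, status, body)
        if finding is not None:
            findings.append(finding)
    return findings
```

Running `scan()` on the constructed samples reports only "/public/config.js", since the second sample lacks the keywords and the third has the wrong status.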

Module preview

Concurrent Requests (1)

1. HTTP Request template
   GET /public/config.js
   GET /config.js

Matching conditions
   word (and): apiKey:, authDomain:, databaseURL:, stor...
   status: 200

Passive global matcher
   No matching conditions.

On match action
   Report vulnerability