Firebase #128
Comments
|
funny, I was just trying a few hours ago to take over a firebase app, I could not, but what I noticed is that the TXT record is the same for the same custom domain in the same user session, I did not test further, I was lazy, the remaining test is, to check if the TXT record is the same for the same custom domain after logout/#, and most importantly across any account, because if the victim is given a TXT record, but you are given another one for the same vulnerable.example.com, then it is not vulnerable. |
|
@random-robbie This is the TXT record I get when I try to add github.com: |
|
I get a different one: |
|
@shoeper Thanks for confirming. I keep getting the TXT I said at the beginning, so I think we get a constant TXT per account and hostname, that would mean it is not vulnerable since other accounts get a different TXT value. |
EdOverflow
added
the
not vulnerable
|
Can it is possible to takeover firebase subdomain |
and others
Service name
Google Firebase
Can i take it over
No - requires txt record to authenticate it so it's not possible.
The text was updated successfully, but these errors were encountered: