Showing posts from April, 2017

Stored XSS at Google Firebase via Google Cloud IAM

The Google Firebase demo console platform allowed an attacker to store an XSS payload in the project name. The vulnerability occurred on the main page of the selected project.

- "The Firebase demo project is a standard Firebase project with fully functioning Analytics, Crash Reporting, Test Lab, Notifications, Google Tag Manager and Remote Config features. Any Google user can access it. It’s a great way to look at real app data and explore the Firebase feature set." https://support.google.com/firebase/answer/7157552
Using Google IAM (console.cloud.google.com), it was possible to create a payload and share it with the victim. Once the victim accepted the invitation at console.firebase.google.com, the payload was rendered on the main project page.






Impact: The attacker could share a project from "console.cloud.google.com" and store an XSS payload under console.firebase.google.com. This stored payload was rendered every time the victim accessed the project page.
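The flaw class described above, a project name set in one console and rendered as markup in another, is shown here as an added example; it is not code from the original post or from Firebase. The record shape, the `tile` markup and all function names are hypothetical, and the sample project is constructed.

```javascript
// Added example: hypothetical names and markup, not Firebase console code.

// Constructed sample: a project record as a page might receive it after the
// project was named in one product and shared into another.
const sharedProject = {
  id: "demo-project-1234",
  name: 'Demo <b>project</b> "v2"',
};

// Characters that can change the HTML parsing context, mapped to entities.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Before: the stored name is concatenated into markup, so tags and quotes in
// it become part of the page for every user who opens the project.
function renderProjectTileUnsafe(project) {
  return `<a class="tile" href="/project/${project.id}" title="${project.name}">` +
    `<h2>${project.name}</h2></a>`;
}

// After: the name is encoded where it is output, in both the attribute and
// the text context, regardless of which product accepted it on input.
function renderProjectTileSafe(project) {
  const name = escapeHtml(project.name);
  const id = encodeURIComponent(project.id);
  return `<a class="tile" href="/project/${id}" title="${name}"><h2>${name}</h2></a>`;
}

console.log(renderProjectTileUnsafe(sharedProject));
console.log(renderProjectTileSafe(sharedProject));
```

Encoding at the rendering side matters here because the value crosses a product boundary: the page that displays the name cannot rely on the page that accepted it.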

Bug Status:
I re…