can-i-take-over-xyz icon indicating copy to clipboard operation
can-i-take-over-xyz copied to clipboard

Published 20 hours ago verified publisher icon EdOverflow

Firebase

Open random-robbie opened this issue 5 years ago • 5 comments

Service name

Google Firebase

Can i take it over

No - requires txt record to authenticate it so it's not possible.

random-robbie avatar Jan 06 '20 10:01 random-robbie

funny, I was just trying a few hours ago to take over a firebase app, I could not, but what I noticed is that the TXT record is the same for the same custom domain in the same user session, I did not test further, I was lazy, the remaining test is, to check if the TXT record is the same for the same custom domain after logout/login, and most importantly across any account, because if the victim is given a TXT record, but you are given another one for the same vulnerable.example.com, then it is not vulnerable.

melardev avatar Jan 06 '20 10:01 melardev

@random-robbie This is the TXT record I get when I try to add github.com: google-site-verification=_hFoiuxEK5rlpZZfR8DgLq48UvrqRleu6cat5EBe3x0 Can you tell me if you get the same?

melardev avatar Jan 06 '20 10:01 melardev

I get a different one: google-site-verification=vENMi3mjve0BU8HfQLJQ3ts8B9U8IF3UDBdWpN8Y1ls

shoeper avatar Feb 08 '20 11:02 shoeper

@shoeper Thanks for confirming. I keep getting the TXT I said at the beginning, so I think we get a constant TXT per account and hostname, that would mean it is not vulnerable since other accounts get a different TXT value.

melardev avatar Feb 11 '20 15:02 melardev

Can it is possible to takeover firebase subdomain

ankurtehlan avatar Jan 21 '23 16:01 ankurtehlan