Update gcp-firebase-privesc.md

SirBroccoli
2025-12-07 12:15:37 +01:00
committed by GitHub
parent 8e8b21ce8a
commit 8bacb08085

@@ -127,8 +127,8 @@ A function is vulnerable when it is insecurely configured:
Firebase HTTP Cloud Functions are exposed through URLs such as:
- [https://<region>-<project-id>.cloudfunctions.net/<function-name>](https://<region>-<project-id>.cloudfunctions.net/<function-name>)
- https://<project-id>.web.app/<function-name> (when integrated with Firebase Hosting)
- `https://<region>-<project-id>.cloudfunctions.net/<function-name>`
- `https://<project-id>.web.app/<function-name>` (when integrated with Firebase Hosting)
An attacker can discover these URLs through source code analysis, network traffic inspection, enumeration tools, or mobile app reverse engineering.
If the function is publicly exposed and unauthenticated, the attacker can invoke it directly without credentials.
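Review bot: the commit message "Update gcp-firebase-privesc.md" gives no reason for the change to the two URL list items, and the reason is worth recording. The visible difference is that the `<region>`, `<project-id>` and `<function-name>` placeholders move out of a Markdown link and a bare URL into inline code, so they are no longer at risk of being parsed as HTML tags or turned into a link to a non-existent host. Suggest saying so in the message, for example "Render Firebase function URL placeholders as inline code". Separately, the context lines after the list end at "the attacker can invoke it directly without credentials" with nothing visible here on how a defender confirms or closes that exposure. A follow-up sentence on requiring authentication for the function and reviewing who is allowed to invoke it would round out the passage.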