Back to directory
WRITEUP #5800

Bypassing Firebase authorization to create custom goo.gl subdomains

Logic BugLogic flawIDOR
by@ThomasOrlita(Thomas Orlita)
Program
Google
Published
Sep 21, 2018
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://websecblog.com/vulns/bypassing-firebase-authorization-to-create-custom-goo-gl-subdomains/
RELATED WRITEUPS
Logic Flaw: I Can Block You from Accessing Your Own Account
Logic BugLogic flaw
“Like” Bypass on Customer Reviews — €500 bounty
Logic BugLogic flaw
Zomatoooo! IDOR in Saved Payments
IDOR
How I got my first $13500 bounty through Parameter Polluting (HPP)
IDORXSS
The Butterfly Effect: Turning Overlooked - Misconfigurations into Zero Click Account Takeover
APIGraphQL

Built with ❤️ by Shubham Rawat