Это видео недоступно.
Сожалеем об этом.
Android Firebase Database takeover vulnerability | Bug bounty poc
HTML-код
- Опубликовано: 27 мар 2024
- In this video i am going to show you how to find vulnerability in android firebase database this is only for education so that everyone can hunt for this vulnerability and report to bounty program and secure there websites if anyone from youtube review team watching this please dont restrict this video it take times to find this vulnerability and teach everyone...
Disclaimer: This video is for strictly educational and informational purpose only. I own all equipment used for this demonstration. Hacking without permission is illegal so always ensure you have proper authorization before using security tools in any network environment. thanks.
![Mary J. Blige - Breathing (feat. Fabolous) [Official Video]](http://i.ytimg.com/vi/snMHObq-6E0/mqdefault.jpg)
Never give up even u get duplicate/rejection to ur bug bounty report be strong do it again u will win one day God Bless all Viewers u will get bug Bounty reward $200+ 🎉🎉
❤️
Exactly! Just got my first bounty yesterday. Prototype poisoning chained to DOM XSS. Scored a high severity for my first bug :D This was the 5th bounty i'd tried in the day. All about persistence!
happy yo hear this ☺️
@@xTwistCinema congratulations bro i hope others will find too
@@lostsecc appreciate bro 🖐🖐😇😇
Literally I'm in love with your skills...❤❤❤
😇☺️❤️
best underrated channel
my pleasure to hear this ☺️😇
I really hope that the security specialist checking the POC is watching it with the same music. Thank you for your videos, you are inspiring
☺️❤️yeahh if they watch it sure they like music 😉
Bro again, just love this tutorials ❤️
❤️
WOW What a data breach hats off bro
😇❤️
pls share your wsl theme. and also pls make video of all tools, scripts, extensions you use for hunt. Video is on fire 🔥🔥🔥🔥
join.telegram.i.will share there t.me/lostsec
Cool to have TopG in the intro bg music
I don't like the empty theories and repeated knowledge of other vloggers. I appreciate your training through practical and direct practice, for the first time since using RUclips. I have learned many practical and highly applicable things through your videos. Will donate to your positive and meaningful work
keep going brother always for you all 😇❤️
Thnx bro i installed successfully ❤️
❤️
Great video as always, have a great day brother
thnq brother 😇❤️
These man is born for make a history 👨💻 bug bounty industry
☺️❤️😇
Bhai next video after you find a bug , aap usko kaise report karte ho ... For eg - mail kaise likhte ho , screenshot... Etc ... Please 🥺 make a video on this
use chatgpt
This is very cool, keep it up brother ❤😊
thnq brother ❤️
Bro you are absoulute legend 💯💪
❤️😇
Hi, I was wondering how you set the terminal background?
P.S Amazing video!!
its wsl2 kali with ohmyposh custom theme
@@lostsecc Thank you for help!!
Bro i am a big fan of yours. Bro can you tell me how u find private programs for hunt
you need 2-4 valid p3 bug reports so you get invites..
Thank you bro
My friend have a problem I want you to help me You are the best person on RUclips legend
sure bro dm me in telegram @lostsec
bro do you have insta @@lostsecc
Nice catch
❤️
Nice POC .
thnq brother ❤️
love your content 🎉
❤️
Lmao, firebase Realtime db rules seem to have pretty bad docs (at least I couldn't get them working how i wanted when i used it), so people just end up using really insecure rules. (I was one of those people).
Do you actually make money off of this tho? Is this actually part of a bug bounty program? Do you make decent money from doing bounties?
it cost 5000$+ if you find it in bug bounty program bro
play ken carson in the background this is so tuff
sure ❤️
sorry for the question but I'm new to this, what can an attacker do with this?
you can read write all things in there firebase database
Bro do you also bug hunt in Android apps(ssl pinning bypass )or only websites?
there are many tool and software for testing it without ssl pinning bypass
@@lostsecc which one?
Bro, i want to buy your premium course.
Please make course from beginning to advance in special bug bounty
Please 🙏🏻🥺
Please sir 😢 please
I humble request
Please sir 😢
you dont need to pay anything i will post free all things...just active on my telegram channel ❤️
🔥
It can be easily Avoided Right?
what
@@lostsecc no I mean website owners can avoid that by one click 🤧
depend on there brand
great work bro keep it up
❤️
How have you found the link to the database?
decompile apk
@@lostsecc what is that ?
its android testing reverse engneering
Bhai mein aapke steps same to same follow karta hu fir bhi bugs nhi milte
try hard work sure u will do not a hard..
Wow 🎉
How did ya get a background on your wsl?
download window terminal from microsoft store
Bhai how did you find this api parameter to be vulnerable 🎉🎉
after decompile apk
Woohu
❤️
Can you explain from scratch until professionalism
youtube not allowed full touturials so i will send in my telegram channel.
AYYY GG
great job... teach me bro
Bro make a list of basic commands that you use for Bounty that can help lot bro
sure
@@lostseccthnk bro❤
❤🎉
duddde the bug is still not fixed !? where did you get that 5000$ from ? they don't even have a bug bounty program
i said its worth 5000$ even more
@@lostsecc how ? you didn't get paid for it :
How did you find the firebase uri ??
decompile apk reverse engnerring
I see, this isnt a bug bounty program right?
yes,otherwise it not allowd in yt
Seeeeeeeeeeeeeeeeeeeeeeeeeesh...!
❤️
I get all bugs rejected or duplicate or p5
dont worry we all get in start keep going bro it takes time ...
How u found the firebase link and the endpoint
decompile apk
they don't have bug bounty program tho ??
no they are nigerian startup company
bro which operating system
you use ??
kali wsl2
@@lostsecc please make a vedio how to setup in windows
ok
@@lostsecc thnkyou bhai
juicy
how much did you earn this year?
this year i earned love and respect ❤️ that cost more then anything..
tate for president hacker
🌝
Brother i want to learn from you pls
join telegram @lostsec
Hey how to start mobile pentesting
Termux
🤣not termux bro
just decompile the apk and find sensitive firebase endpoint ..
@@lostsecc oh I have seen somewhere penetration testing using termux.
There's tool on ps called termux tools & commands. That's where I learned
Anyway I got it👌
@@lostsecc what tools are you using to decompile the apk?
How to find this vulnerability
you need to learn android testing..
@@lostseccplease can you make a video on important or necessary things one needs to know to start things.
sure
I can remove client side security in general but where did I get this link from
How to do remote code execution during application penetration
How do I find these files?
you need to learn android testing
abi yalvarırım roadmap videosu paylaş
Is this private program or in hackerone
nope hackerone programs policy not allowed to show these much sensitive data its a wrkman app just search on playstore..
Amazing 😮❤
☺️❤️
Bro did they paid you 5k$ for this?
they are newly started company in nigeria i talked with him he is fixing that issue...
how did you find it ?
decompile apk
@@lostsecc and then how do i find that url?
is there a script to do it en masse ?
you need to look in there storage database after decompile
@@lostsecc do a video about it
Bounty?? And Song name???
song name royalty
thanks@@lostsecc
i think it got rejected
nope i have discussion with the company ceo in twitter it will fix soon..
@@lostsecc but they havent paid right?
they will pay after fix
Terminal name ?
kali wsl2 window terminal
bro, how many gaps have you found? how much money have you earned? 🤣
🌝
Bro anew tool is not installing in kali linux how can i install it
dm me in telegram what the error u facing..
Bro i contacted the bot but no response came bro@@lostsecc
what is.your name is telegram
Kiran bro