I made a small proof of concept to show how the database of the Donald Daters app is vulnerable. With this POC I can:
- see all private messages
- see all user info
- delete what I want: a message, a user, the whole database, ...
pic.twitter.com/7doErhzYdY
The goal is not to harm the app, so it is worth saying that I deleted nothing, I will not share the code of this POC and I will not share the database. However, it's worth a write-up, so I will try to write an article in the coming days.
Replying to @fs0c131y
Valentin Retweeted Elliot Alderson
Ok, but as far as I can remember from dealing with Firebase, having this information is enough for us to access db https://twitter.com/fs0c131y/status/1051928109497405440 …