You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I know this project was probably a POC and is not maintained, but there are some security issues for anyone clicking the link from YouTube..
I wanted to test the security of Firebase and how there is essentially no server side validation of documents.
I cloned the repo, copied the firebase config from the production site, and modified sendMessage to:
Where text is no longer a string, but an object. This throws an error in react, bringing the site down for everybody right now and you cannot see/send any messages.
You can also set your profile picture to anything you'd like, set extra params on the object (Fill storage, etc.) and im sure many other malicious things..
The text was updated successfully, but these errors were encountered:
I know this project was probably a POC and is not maintained, but there are some security issues for anyone clicking the link from YouTube..
I wanted to test the security of Firebase and how there is essentially no server side validation of documents.
I cloned the repo, copied the firebase config from the production site, and modified sendMessage to:
Where text is no longer a string, but an object. This throws an error in react, bringing the site down for everybody right now and you cannot see/send any messages.
You can also set your profile picture to anything you'd like, set extra params on the object (Fill storage, etc.) and im sure many other malicious things..
The text was updated successfully, but these errors were encountered: