Google Firebase demo console platform was allowing an attacker to store an XSS under the project name. This vulnerability was created on the main page of the select project. - "The Firebase demo project is a standard Firebase project with fully functioning Analytics, Crash Reporting, Test Lab, Notifications, Google Tag Manager and Remote Config features. Any Google user can access it. It’s a great way to look at real app data and explore the Firebase feature set." https://support.google.c om/firebase/answer/7157552 - Using Google IAM ( console.cloud.google.com ) was possible to create a payload and share it to the victim. Once the victim accepts the invitation at console.firebase.google.com the payload was rendered on the main project page. Impact: The attacker could share a project from " console.cloud.google.com " and store an XSS payload under console.firebase.google.com . This stored payload was been rendered every time the victim ...
Senior Security Consultant - Proof & Concepts - Deeplook SpA