Tags: websec firebase 


# Challenge description

We are collecting cool flag names for our next CTF, please suggest us some cool names and we’ll store them in our database for our next CTF. https://fl4g-c0ll3ct10n.vishwactf.com/


In this challenge, we find something interesting in the source code.

The above are config settings for a Firebase app. We can use these to access the database, which will eventually contain the flag.

After searching for a while, I found a good resource here:
https://book.hacktricks.xyz/pentesting/pentesting-web/buckets/firebase-database

I tried using a Python script and some other tools. Eventually, the tool Baserunner worked!

The first step is to collect all the config elements as well as the DB URL, which is the most important. Then you have to READ a collection: replacing ==COLLECTION== with flag will print out all the elements inside the flag table/collection.




And there's our flag:

``` Flag : vishwactf{[email protected]_rule$} ```
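
The Firebase web config in the page source is not a secret by design; whether a client holding it can read a collection such as `flag` is decided by the database's security rules. As an added example (not part of the original writeup or the challenge's code), this Node.js linter flags unconditional `allow` statements in a Firestore rules file. It assumes a Firestore database; the sample rules, the collection names other than `flag`, and the function name `findOpenRules` are constructed for illustration.

```javascript
// Added example: find Firestore rules that grant access to every client.
// Tokens: a `match <path> {` header, an `allow ...;` statement, or a bare brace.
const TOKEN = /\bmatch\s+(\/(?:[^\s{}]|\{[\w=*]+\})*)\s*\{|\ballow\s+([a-z,\s]+?)\s*(?::\s*if\s+([^;]+?))?\s*;|[{}]/g;

function findOpenRules(rulesText) {
  // Drop // comments but keep newlines so reported line numbers stay correct.
  const text = rulesText.replace(/\/\/.*$/gm, '');
  const stack = [];    // one entry per open '{': a match path, or null
  const findings = [];
  for (const m of text.matchAll(TOKEN)) {
    if (m[1] !== undefined) {
      stack.push(m[1]);                 // entering a match block
    } else if (m[0] === '{') {
      stack.push(null);                 // service block or other brace
    } else if (m[0] === '}') {
      stack.pop();
    } else {
      // allow statement: open if it has no condition or the condition is `true`
      const cond = m[3];
      if (cond === undefined || /^\(*\s*true\s*\)*$/.test(cond)) {
        findings.push({
          path: stack.filter(Boolean).join(''),
          ops: m[2].split(',').map((s) => s.trim()),
          line: text.slice(0, m.index).split('\n').length,
        });
      }
    }
  }
  return findings;
}

// Constructed sample rules; only the collection name `flag` comes from the page.
const SAMPLE_RULES = `rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /flag/{doc} {
      allow read: if true;            // world-readable
    }
    match /suggestions/{doc} {
      allow create: if request.auth != null;
      allow read;                     // no condition: always allowed
    }
    match /admin/{doc} {
      allow read, write: if request.auth.token.admin == true;
    }
  }
}`;

console.log(findOpenRules(SAMPLE_RULES));
```

The linter only catches literal open grants; conditions that are always true in practice still need review in the Firebase Rules Playground or the emulator.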

Original writeup (https://github.com/j3seer/VishwaCTF-2022-Writeup/tree/main/web/Flag%20collection).