
Medium

Hacking bubble.io apps: For Education purpose only❗❗❗

  • Companies using Bubble, a low-code platform, have been found to leave access to their Swagger documentation exposed, opening up the opportunity for a man-in-the-middle attack.
  • Accessing the Swagger documentation at /api/1.1/meta allows hackers to add, edit, delete, and create data without user authorization, as well as impersonate users.
  • Certain endpoints in Bubble's API do not require access tokens or credentials, exposing sensitive information such as property views and search appearances.
  • The responsibility for securing apps built on low-code platforms like Bubble lies with the developers, who need to implement proper security protocols.
