How I accepted myself into Canada's largest AI hackathon | fastcall's blog
A freshman discovered he could accept his own hackathon application by exploiting Firebase database rules that let users modify their acceptance status—because the site fetched entire application objects instead of specific fields.
TLDR
• The vulnerability: Site fetched full application objects from Firebase, allowing users to update fields like applicationStatus: "accepted" that should have been admin-only
• Bonus bug: Even after the patch, users could still read sensitive reviewer data (full names, comments, ratings) because the site grabbed whole objects instead of specific fields
• Discovery process: Used exposed Sentry source maps to read original code, then pyrebase library to test Firebase permissions
• Root cause: Overly permissive database write rules combined with client-side design that assumed users would only modify allowed fields
• Responsibly disclosed with patches deployed within days
In Detail
The author applied to GenAI Genesis 2025, a major AI hackathon at the University of Toronto, and while resetting their password noticed the Firebase domain, which brought to mind articles on Firebase misconfigurations. They extracted the Firebase config from the frontend and used the pyrebase Python library to test for common vulnerabilities.
The critical flaw was in the application's architecture: instead of fetching specific fields, the site grabbed entire application objects including admin-only fields like applicationStatus and statusFlags. Combined with Firebase database rules that allowed users to update their own application records, this meant anyone could send an update request changing their status to "accepted" with all the corresponding flags set to true. The author demonstrated this with a simple Python script that modified their application status before decisions were even announced.
After the initial patch tightened write permissions, the author discovered a second vulnerability: users could still read sensitive information from their application objects, including their reviewer's full name, private comments, and ratings—data that should have been hidden until official decisions. The maintainers fixed this by refactoring the site to use specific fetch functions rather than grabbing whole objects, allowing for properly scoped database rules. The disclosure timeline shows responsible handling with patches deployed within days of each report.
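To make the root cause and the fix concrete, here is an added example of Firebase Realtime Database rules in the shape the post describes; it is not the hackathon site's actual ruleset. The record layout (profile, applicationStatus, statusFlags, review) and the admins allowlist node are assumptions for illustration. The vulnerable rules are left as comments above the hardened ones.

```json
{
  "rules": {
    "applications": {
      "$uid": {
        // VULNERABLE (assumed shape): the applicant owns the whole record, so a
        // single write to applications/$uid can also set admin-only children
        // such as applicationStatus and statusFlags.
        // ".read":  "auth != null && auth.uid === $uid",
        // ".write": "auth != null && auth.uid === $uid",

        // HARDENED: grant nothing at the record level and scope each child.
        // .read/.write cascade downward, so a grant on the parent could not be
        // revoked by a child rule; with no grant here, reading applications/$uid
        // as a whole object is denied, which forces per-field fetches on the client.
        "profile": {
          ".read":  "auth != null && auth.uid === $uid",
          ".write": "auth != null && auth.uid === $uid"
        },
        "applicationStatus": {
          ".read":  "auth != null && auth.uid === $uid",
          ".write": "auth != null && root.child('admins').child(auth.uid).val() === true"
        },
        "statusFlags": {
          ".read":  "auth != null && auth.uid === $uid",
          ".write": "auth != null && root.child('admins').child(auth.uid).val() === true"
        },
        "review": {
          // reviewer name, comments and ratings: never exposed to the applicant
          ".read":  "auth != null && root.child('admins').child(auth.uid).val() === true",
          ".write": "auth != null && root.child('admins').child(auth.uid).val() === true"
        }
      }
    },
    "admins": {
      // assumed allowlist { "<uid>": true }; rules can still consult it via root.child()
      // with no client access, and it is maintained with the Admin SDK, which bypasses rules
      ".read": false,
      ".write": false
    }
  }
}
```

A quick regression check with the Rules Playground in the Firebase console: a write to applications/&lt;own uid&gt;/applicationStatus as a non-admin user and a read of applications/&lt;own uid&gt;/review should both be denied, while a read of applications/&lt;own uid&gt;/profile should succeed.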