ANTI
Description:
An unauthorized access vulnerability has been identified in the Only1.app platform that allows users to view protected images without payment by exploiting the direct media link.
Steps to Reproduce:
  1. Navigate to any protected post on Only1.app, e.g., https://only1.app/posts/9b3157c0-4a59-11ee-8a01-33c347d8c3bc
  2. Identify the etagId of the media content.
  3. Append the etagId to the base URL https://s.only1.app/. For instance, using the etagId dba3ce5d8bab055090cf271c4acb2e44, the resulting link would be https://s.only1.app/dba3ce5d8bab055090cf271c4acb2e44
  4. Access the generated link to view the protected image without any restrictions.