Unauthorized Access to Protected Images on Only1.app
complete
ANTI
Description:
An unauthorized access vulnerability has been identified in the Only1.app platform that allows users to view protected images without payment by exploiting the direct media link.
Steps to Reproduce:
- Navigate to any protected post on Only1.app, e.g., https://only1.app/posts/9b3157c0-4a59-11ee-8a01-33c347d8c3bc
- Identify the etagId of the media content.
- Append the etagId to the base URL https://s.only1.app/. For instance, using the etagId dba3ce5d8bab055090cf271c4acb2e44, the resulting link would be https://s.only1.app/dba3ce5d8bab055090cf271c4acb2e44
- Access the generated link to view the protected image without any restrictions.
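Added example, not part of the original report and not Only1.app's actual fix (the page does not say how the issue was resolved): one common mitigation for this class of flaw is to have the media host reject bare `etagId` links and serve content only for short-lived, HMAC-signed URLs that the application issues after its payment check. The function names, query parameters, key, and the assumption that the media host can see the caller's session identity are all hypothetical.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlsplit

# Constructed demo key; a real deployment would load this from a secret store.
SIGNING_KEY = b"constructed-demo-key-not-a-real-secret"


def _mac(etag_id: str, user_id: str, expires: int) -> bytes:
    # Bind the signature to the object, the viewer and the expiry time.
    msg = f"{etag_id}\n{user_id}\n{expires}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest().encode()


def sign_media_url(etag_id, user_id, entitled, now, ttl=300):
    """Application side: issue a link only after the entitlement check passed."""
    if not entitled:
        return None
    expires = int(now) + ttl
    sig = _mac(etag_id, user_id, expires).decode()
    return f"/{etag_id}?u={user_id}&e={expires}&s={sig}"


def authorize_media_request(path_and_query, session_user, now):
    """Media-host side: return the HTTP status to answer the request with."""
    parts = urlsplit(path_and_query)
    etag_id = parts.path.lstrip("/")
    query = parse_qs(parts.query)
    try:
        user_id = query["u"][0]
        expires = int(query["e"][0])
        sig = query["s"][0].encode()
    except (KeyError, ValueError):
        return 403  # bare etagId link with no token, the case in the report
    if not hmac.compare_digest(sig, _mac(etag_id, user_id, expires)):
        return 403  # token forged, or moved to a different etagId
    if now > expires:
        return 403  # link has expired
    if user_id != session_user:
        return 403  # link was issued to another account
    return 200
```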
Kenta Iwasaki
complete
This has been resolved.
Kitty 4Down
Was this resolved?
ANTI
Kitty 4Down: Yes.