SupaPwn: Hacking Our Way into Lovable's Office and Helping Secure Supabase
We hacked our way into Lovable's office by demoing SupaPwn — a chain that could potentially enable region-wide tenant takeover: event-trigger privilege window, DB superuser, host RCE, SUID escalation, exposed configs, orchestration takeover
