Update gcp-firebase-privesc.md

carlospolop · web-flow · commit 8bacb080857d · 2025-12-07T12:15:37.000+01:00
diff --git a/src/pentesting-cloud/gcp-security/gcp-privilege-escalation/gcp-firebase-privesc.md b/src/pentesting-cloud/gcp-security/gcp-privilege-escalation/gcp-firebase-privesc.md
@@ -127,8 +127,8 @@ A function is vulnerable when it is insecurely configured:
 
 Firebase HTTP Cloud Functions are exposed through URLs such as:
 
-- [https://<region>-<project-id>.cloudfunctions.net/<function-name>](https://<region>-<project-id>.cloudfunctions.net/<function-name>)
-- https://<project-id>.web.app/<function-name> (when integrated with Firebase Hosting)
+- `https://<region>-<project-id>.cloudfunctions.net/<function-name>`
+- `https://<project-id>.web.app/<function-name>` (when integrated with Firebase Hosting)
 
 An attacker can discover these URLs through source code analysis, network traffic inspection, enumeration tools, or mobile app reverse engineering.
 If the function is publicly exposed and unauthenticated, the attacker can invoke it directly without credentials.
