nuclei-templates/misconfiguration/cloudflare-image-ssrf.yaml


id: cloudflare-external-image-resize

info:
  name: Cloudflare External Image Resizing Misconfiguration
  author: vavkamil
  severity: info
  description: Cloudflare Image Resizing defaults to restricting resizing to the same domain. This prevents third parties from resizing any image at any origin. However, you can enable this option if you check Resize images from any origin.
  reference: https://support.cloudflare.com/hc/en-us/articles/360028146432-Understanding-Cloudflare-Image-Resizing#12345684
  tags: cloudflare,misconfig,oob

requests:
  - raw:
      # Ask the image resizing endpoint to fetch an image from an external origin (the interactsh host).
      - |
        GET /cdn-cgi/image/width/https://{{interactsh-url}} HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
        Connection: close
        Accept: */*
        Accept-Language: en

    # Match when the interactsh server records an HTTP interaction, i.e. the external origin was fetched.
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http"