id: cloudflare-rocketloader-htmli

info:
  name: Cloudflare Rocket Loader - HTML Injection
  author: j3ssie
  severity: low
  description: |
    The Rocket Loader feature in Cloudflare allow attackers to inject arbitrary HTML into the website. This can be used to perform various attacks such as phishing, defacement, etc.
  remediation: Disable the rocket loader or Add a CSP header to fix this issue.
  reference:
    - https://developers.cloudflare.com/speed/optimization/content/rocket-loader/enable/
    - https://developers.cloudflare.com/fundamentals/reference/policies-compliances/content-security-policies/#product-requirements
  metadata:
    max-request: 1
    verified: true
  tags: misconfig,cloudflare,htmli

http:
  - method: GET
    path:
      - "{{BaseURL}}/cdn-cgi/image/width=1000,format=auto/https://raw.githubusercontent.com/simple-icons/simple-icons/develop/icons/cloudflare.svg"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'Cloudflare'
          - '<svg'
          - 'M16.5088 16.8447c.1475-.5068.0908-.9707-.1553-1.3154-.2246-.3164-.6045-.499-1.0615-.5205l-'
          - '1475.5068-.0918.9707.1543 1.3164.2256.3164.6055.498'
        condition: and

      - type: word
        part: header
        words:
          - 'image/svg+xml'

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100bda42992ac071da39ef0f9cc3826f472003de9c2b3a979550ab9bb2c51ed061f02202169f24c33b8d76373c78a75b076a5bafba03599c2d9c3ad7efaff5656d90b2b:922c64590222798bb761d5b6d8e72950