id: cloudflare-external-image-resize

info:
  name: Cloudflare External Image Resizing Misconfiguration
  author: vavkamil
  severity: info
  description: Cloudflare Image Resizing defaults to restricting resizing to the same domain. This prevents third parties from resizing any image at any origin. However, you can enable this option if you check Resize images from any origin.
  reference: https://support.cloudflare.com/hc/en-us/articles/360028146432-Understanding-Cloudflare-Image-Resizing#12345684
  tags: cloudflare,misconfig,oob

requests:
  - raw:
      - |
        GET /cdn-cgi/image/width/https://{{interactsh-url}} HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
        Connection: close
        Accept: */*
        Accept-Language: en

    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http"