28 lines
1017 B
YAML
28 lines
1017 B
YAML
id: cloudflare-external-image-resize
|
|
|
|
info:
|
|
name: Cloudflare External Image Resizing Misconfiguration
|
|
author: vavkamil
|
|
severity: info
|
|
description: Cloudflare Image Resizing defaults to restricting resizing to the same domain. This prevents third parties from resizing any image at any origin. However, you can enable this option if you check Resize images from any origin.
|
|
reference:
|
|
- https://support.cloudflare.com/hc/en-us/articles/360028146432-Understanding-Cloudflare-Image-Resizing#12345684
|
|
metadata:
|
|
max-request: 1
|
|
tags: cloudflare,misconfig,oast
|
|
|
|
http:
|
|
- raw:
|
|
- |
|
|
GET /cdn-cgi/image/width/https://{{interactsh-url}} HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Accept: */*
|
|
|
|
matchers:
|
|
- type: word
|
|
part: interactsh_protocol
|
|
words:
|
|
- "http"
|
|
|
|
# digest: 4b0a00483046022100b349b59deadbbd3c967d5af501dbb0ab67a90f79024ca65d93d704b402b6ca0e022100f8288e1c7cd97b401daec7946f8355b03037e6e2d9a747dc91d0d45ee178d9c1:922c64590222798bb761d5b6d8e72950
|