42 lines
1.5 KiB
YAML
42 lines
1.5 KiB
YAML
id: cloudflare-rocketloader-htmli
|
|
|
|
info:
|
|
name: Cloudflare Rocket Loader - HTML Injection
|
|
author: j3ssie
|
|
severity: unknown
|
|
description: |
|
|
The Rocket Loader feature in Cloudflare allow attackers to inject arbitrary HTML into the website. This can be used to perform various attacks such as phishing, defacement, etc.
|
|
remediation: Disable the rocket loader or Add a CSP header to fix this issue.
|
|
reference:
|
|
- https://developers.cloudflare.com/speed/optimization/content/rocket-loader/enable/
|
|
- https://developers.cloudflare.com/fundamentals/reference/policies-compliances/content-security-policies/#product-requirements
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
tags: misconfig,cloudflare,htmli,miscellaneous
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/cdn-cgi/image/width=1000,format=auto/https://raw.githubusercontent.com/simple-icons/simple-icons/develop/icons/cloudflare.svg"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- 'Cloudflare'
|
|
- '<svg'
|
|
- 'M16.5088 16.8447c.1475-.5068.0908-.9707-.1553-1.3154-.2246-.3164-.6045-.499-1.0615-.5205l-'
|
|
- '1475.5068-.0918.9707.1543 1.3164.2256.3164.6055.498'
|
|
condition: and
|
|
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- 'image/svg+xml'
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 4a0a00473045022100fb1e62e23ca2fabae5ffb89410f9adb4b139fc5128bf0b56efb219cb67ca7196022016ed5944ae69a92d056c3540e5e2b04cb0a6e256fc9df37e63909be77a2b31b8:922c64590222798bb761d5b6d8e72950 |