24 lines
789 B
YAML
24 lines
789 B
YAML
id: cloudflare-external-image-resize
|
|
|
|
info:
|
|
name: Cloudflare External Image Resizing Misconfiguration
|
|
author: vavkamil
|
|
severity: info
|
|
description: Cloudflare Image Resizing defaults to restricting resizing to the same domain. This prevents third parties from resizing any image at any origin. However, you can enable this option if you check Resize images from any origin.
|
|
reference:
|
|
- https://support.cloudflare.com/hc/en-us/articles/360028146432-Understanding-Cloudflare-Image-Resizing#12345684
|
|
tags: cloudflare,misconfig,oast
|
|
|
|
http:
|
|
- raw:
|
|
- |
|
|
GET /cdn-cgi/image/width/https://{{interactsh-url}} HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Accept: */*
|
|
|
|
matchers:
|
|
- type: word
|
|
part: interactsh_protocol
|
|
words:
|
|
- "http"
|