mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-02-18 00:23:52 +08:00
209538baa6
* info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes
24 lines
793 B
YAML
24 lines
793 B
YAML
id: cloudflare-external-image-resize
|
|
|
|
info:
|
|
name: Cloudflare External Image Resizing Misconfiguration
|
|
author: vavkamil
|
|
severity: info
|
|
description: Cloudflare Image Resizing defaults to restricting resizing to the same domain. This prevents third parties from resizing any image at any origin. However, you can enable this option if you check Resize images from any origin.
|
|
reference:
|
|
- https://support.cloudflare.com/hc/en-us/articles/360028146432-Understanding-Cloudflare-Image-Resizing#12345684
|
|
tags: cloudflare,misconfig,oast
|
|
|
|
requests:
|
|
- raw:
|
|
- |
|
|
GET /cdn-cgi/image/width/https://{{interactsh-url}} HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Accept: */*
|
|
|
|
matchers:
|
|
- type: word
|
|
part: interactsh_protocol
|
|
words:
|
|
- "http"
|