Cloudflare External Image Resizing Misconfiguration

By kannthu

Informative
Vidoc Module
#cloudflare #misconfig #oast
Description

What is the "Cloudflare External Image Resizing Misconfiguration"?

The "Cloudflare External Image Resizing Misconfiguration" module is designed to detect misconfigurations related to Cloudflare's Image Resizing feature. Cloudflare Image Resizing allows users to resize images on their websites. By default, this feature restricts resizing to images hosted on the same domain, preventing third parties from resizing images from any origin. However, misconfigurations can occur if the option to resize images from any origin is enabled, potentially exposing the website to security risks.

This module has an informative severity level, meaning it provides valuable information about potential misconfigurations but does not indicate a direct vulnerability.

This module was authored by vavkamil.

Impact

If the "Cloudflare External Image Resizing Misconfiguration" is detected, the website's Cloudflare Image Resizing feature is misconfigured: the option to resize images from any origin is enabled. This can allow unauthorized third parties to resize images through the website, which exposes it to potential security risks.

How does the module work?

The "Cloudflare External Image Resizing Misconfiguration" module works by sending an HTTP request to the target website's CDN (Content Delivery Network) using the Cloudflare Image Resizing URL structure, with an interaction URL in place of the source image. The module then checks whether an interaction with that URL was recorded and whether the protocol used was HTTP. If these conditions are met, the module identifies a potential misconfiguration.

Here is an example of the HTTP request sent by the module:

GET /cdn-cgi/image/width/https://<InteractionURL> HTTP/1.1
Host: <Hostname>
Accept: */*

The module evaluates its matching conditions against the result: the part "interactsh_protocol" must contain the word "http". If all the matchers' conditions are met, the module reports the potential misconfiguration.

For more information, refer to the Cloudflare support documentation.
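The same URL structure can be used on the defensive side to find resize requests that name an image on another host. The following is an added example, not part of the Vidoc module: the log line layout, the function names, the `allowed_hosts` parameter and the example.* hostnames are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Path layout taken from the request shown above: /cdn-cgi/image/<options>/<source>
RESIZE = re.compile(r"^/cdn-cgi/image/[^/]*/(?P<source>.+)$", re.IGNORECASE)
# Assumed log layout (constructed for this example): host "METHOD target HTTP/x" status
LOG = re.compile(r'^(?P<host>\S+) "[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})$')

def external_source(target, allowed_hosts):
    """Return the source host when a resize request names an image on a host
    outside allowed_hosts; return None for same-site or non-resize requests."""
    m = RESIZE.match(target)
    if not m:
        return None
    source = unquote(m.group("source"))
    # Some proxies collapse "//" in paths, so accept "https:/host" as well.
    source = re.sub(r"^(https?):/+", r"\1://", source, flags=re.IGNORECASE)
    parts = urlsplit(source)
    if parts.scheme.lower() not in ("http", "https") or not parts.hostname:
        return None  # relative path: the image lives on the requesting site
    host = parts.hostname.lower().rstrip(".")
    return None if host in allowed_hosts else host

def find_external_resizes(lines, allowed_hosts):
    """Return (site, source_host, status) for each logged external resize request."""
    allowed = {h.lower() for h in allowed_hosts}
    hits = []
    for line in lines:
        m = LOG.match(line.strip())
        if not m:
            continue
        site = m.group("host").lower()
        src = external_source(m.group("target"), allowed | {site})
        if src:
            hits.append((site, src, int(m.group("status"))))
    return hits

# Constructed sample log lines; all hostnames are placeholders.
SAMPLE = [
    'www.example.com "GET /cdn-cgi/image/width=200/images/logo.png HTTP/1.1" 200',
    'www.example.com "GET /cdn-cgi/image/width/https://probe.example.net HTTP/1.1" 200',
    'www.example.com "GET /cdn-cgi/image/width=80/https:/img.example.org/a.jpg HTTP/1.1" 403',
    'www.example.com "GET /cdn-cgi/image/fit=cover/https://static.example.com/b.png HTTP/1.1" 200',
    'www.example.com "GET /index.html HTTP/1.1" 200',
]

if __name__ == "__main__":
    for hit in find_external_resizes(SAMPLE, {"static.example.com"}):
        print(hit)
```

Each hit is a request worth comparing against the zone's Image Resizing origin setting.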

Module preview

Concurrent Requests (1)
1. HTTP Request template
   Raw request
   Matching conditions: word: http
Passive global matcher: No matching conditions.
On match action: Report vulnerability