漏洞描述
Transform via URL feature in Cloudflare allow attackers to show arbitrary images to the visitor of a crafted URL on the website. This can be used to perform various attacks such as phishing, defacement, etc.
cloudflare-transform-via-url-injection: Cloudflare Transform via URL - Image Injection
PoC代码[已公开]
id: cloudflare-transform-via-url-injection
info:
name: Cloudflare Transform via URL - Image Injection
author: j3ssie
severity: unknown
description: |
Transform via URL feature in Cloudflare allow attackers to show arbitrary images to the visitor of a crafted URL on the website. This can be used to perform various attacks such as phishing, defacement, etc.
remediation: Disable Images → Transformations → “Resize from any origin” setting in Cloudflare console.
reference:
- https://developers.cloudflare.com/images/transform-images/transform-via-url/
metadata:
verified: true
max-request: 1
tags: misconfig,cloudflare,htmli,miscellaneous,vuln
http:
- method: GET
path:
- "{{BaseURL}}/cdn-cgi/image/width=1000,format=auto/https://raw.githubusercontent.com/simple-icons/simple-icons/develop/icons/cloudflare.svg"
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'Cloudflare'
- '<svg'
- 'M16.5088 16.8447c.1475-.5068.0908-.9707-.1553-1.3154-.2246-.3164-.6045-.499-1.0615-.5205l-'
- '1475.5068-.0918.9707.1543 1.3164.2256.3164.6055.498'
condition: and
- type: word
part: header
words:
- 'image/svg+xml'
- type: status
status:
- 200
# digest: 490a004630440220559ef961d3ead6110e2d82d29e272cd6d36ffcdc96f69690ca1bfefb45d3ec250220708755146d6c263c242fca462f049ac4579c39c5b2dcfd12861196846a70b34a:922c64590222798bb761d5b6d8e72950