From 9b69afe53fba95d9fb4a3d07011326683e72ee02 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Valent=C3=ADn=20Blanco?= Date: Fri, 31 May 2024 12:15:57 +0200 Subject: [PATCH] Updated R2 and Workers section --- pentesting-ci-cd/cloudflare-security/README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pentesting-ci-cd/cloudflare-security/README.md b/pentesting-ci-cd/cloudflare-security/README.md index 261b54f813..12b888ebd0 100644 --- a/pentesting-ci-cd/cloudflare-security/README.md +++ b/pentesting-ci-cd/cloudflare-security/README.md @@ -61,6 +61,7 @@ On each Cloudflare's worker check: * [ ] Check the **code of the worker** and search for **vulnerabilities** (specially in places where the user can manage the input) * Check for SSRFs returning the indicated page that you can control * Check XSSs executing JS inside a svg image + * It is possible that the worker interacts with other internal services. For example, a worker may interact with a R2 bucket storing information in it obtained from the input. In that case, it would be necessary to check what capabilites does the worker have over the R2 bucket and how could it be abused from the user input. {% hint style="warning" %} Note that by default a **Worker is given a URL** such as `..workers.dev`. The user can set it to a **subdomain** but you can always access it with that **original URL** if you know it. @@ -68,7 +69,9 @@ Note that by default a **Worker is given a URL** such as `.