Merge pull request #58 from valenbg1/patch-1
Updated R2 and Workers section
carlospolop authored Jun 4, 2024
2 parents fead43e + 9b69afe commit f1fbbfe
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion pentesting-ci-cd/cloudflare-security/README.md
Expand Up @@ -61,14 +61,17 @@ On each Cloudflare's worker check:
* [ ] Check the **code of the worker** and search for **vulnerabilities** (specially in places where the user can manage the input)
* Check for SSRFs returning the indicated page that you can control
* Check XSSs executing JS inside a svg image
* It is possible that the worker interacts with other internal services. For example, a worker may interact with a R2 bucket storing information in it obtained from the input. In that case, it would be necessary to check what capabilites does the worker have over the R2 bucket and how could it be abused from the user input.

{% hint style="warning" %}
Note that by default a **Worker is given a URL** such as `<worker-name>.<account>.workers.dev`. The user can set it to a **subdomain** but you can always access it with that **original URL** if you know it.
{% endhint %}

## R2

TODO
On each R2 bucket check:

* [ ] Configure **CORS Policy**.

## Stream

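Review bot: the new R2 checklist item "* [ ] Configure **CORS Policy**." is written as an instruction rather than as something to verify, unlike the other checklist items in this file (e.g. "Check the **code of the worker**"); consider rewording it to state what the tester should look for, such as whether the bucket's CORS policy permits overly broad origins. In the new Workers bullet, "capabilites" should be "capabilities", and "check what capabilites does the worker have over the R2 bucket" reads better as "check what capabilities the worker has over the R2 bucket".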