JelteMX
commented
4 years ago (replying from my other account): Could you provide me with the returned HTML (obviously without any privacy sensitive info) so I can see if I can identify it?
Open MrAmericanMike opened 4 years ago
JelteMX
commented
4 years ago (replying from my other account): Could you provide me with the returned HTML (obviously without any privacy sensitive info) so I can see if I can identify it?
MrAmericanMike
commented
4 years ago I though I didn't have it, but thankfully enough I had some logs on my app.
"Pastebin Created" is called in my app at the .then(data) of pastebin.createPaste()
pastebin.createPaste({
text: pastelist,
title: settings.get('twitch-main.name') + ' Songs List',
format: null,
privacy: 1,
expiration: '1H'
})
.then((data) => {
client.say(channel, 'Songs List: ' + data);
log.info('Pastebin Created');
log.info(data);
})
.fail((error) => {
client.say(channel, 'Sorry we couldn\'t create a Songs List');
log.warn('Error creating Pastebin');
log.info(error);
});
[2020-07-30 10:57:49.869] [info] !songs
[2020-07-30 10:57:50.031] [info] Pastebin Created
[2020-07-30 10:57:50.036] [info] <!DOCTYPE html>
<!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->
<!--[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->
<!--[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]-->
<head>
<title>Suspected phishing site | Cloudflare</title>
<meta charset="UTF-8" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" />
<meta name="robots" content="noindex, nofollow" />
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" type="text/css" media="screen,projection" />
<!--[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" type="text/css" media="screen,projection" /><![endif]-->
<style type="text/css">body{margin:0;padding:0}</style>
<!--[if gte IE 10]><!--><script type="text/javascript" src="/cdn-cgi/scripts/zepto.min.js"></script><!--<![endif]-->
<!--[if gte IE 10]><!--><script type="text/javascript" src="/cdn-cgi/scripts/cf.common.js"></script><!--<![endif]-->
</head>
<body>
<div id="cf-wrapper">
<div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div>
<div id="cf-error-details" class="cf-error-details-wrapper">
<div class="cf-wrapper cf-header cf-error-overview">
<h1 class="cf-text-error"><i class="cf-icon-exclamation-sign"></i> Warning: Suspected Phishing Site Ahead!</h1>
<h2 class="cf-subheadline">This link has been flagged as phishing. We suggest you avoid it.</h2>
</div><!-- /.header -->
<section></section><!-- spacer -->
<div class="cf-section cf-wrapper">
<div class="cf-columns two">
<div class="cf-column">
<h2>What is phishing?</h2>
<p>This link has been flagged as phishing. Phishing is an attempt to acquire personal information such as passwords and credit card details by pretending to be a trustworthy source.</p>
<p>
<form action="/cdn-cgi/phish-bypass" method="GET">
<input type="hidden" name="u" value="/api/api_post.php">
<input type="hidden" name="atok" value="7490c3831f3113b9c2497aa5a0f1d66b">
<button type="submit" class="cf-btn cf-btn-danger" data-translate="dismiss_and_enter">Dismiss this warning and enter site</button>
</form>
</p>
</div>
<div class="cf-column">
<h2>What can I do?</h2>
<p><strong>If you're a visitor of this website</strong><br />
The website owner has been notified and is in the process of resolving the issue. For now, it is recommended that you do not continue to the link that has been flagged.</p>
<p><strong>If you're the owner of this website</strong><br />
Please log in to cloudflare.com to review your flagged website. If you have questions about why this was flagged as phishing please contact the Trust & Safety team for more information.</p>
</div>
</div>
</div><!-- /.section -->
<div class="cf-error-footer cf-wrapper">
<p>
<span class="cf-footer-item">Cloudflare Ray ID: <strong>5baf977b3aef08f5</strong></span>
<span class="cf-footer-separator">•</span>
<span class="cf-footer-item"><span>Your IP</span>: xxx.xxx.xxx.xxx</span>
<span class="cf-footer-separator">•</span>
<span class="cf-footer-item"><span>Performance & security by</span> <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=error_footer" id="brand_link" target="_blank">Cloudflare</a></span>
</p>
</div><!-- /.error-footer -->
</div><!-- /#cf-error-details -->
</div><!-- /#cf-wrapper -->
<script type="text/javascript">
window._cf_translation = {};
</script>
</body>
</html>
You may want to take a look into this issues.
Tested on 1.0.3 (I'm confuse as to why my Version Lenses shows 1.0.5 as newer, but github still says it's 1.0.3)
The response from the API that should get back the link for a generated pastebin is returning HTML code (Placed by Cloudflare I guess) and even leaking IP information in the response.
I guess some filter to test if the response is an actual link would be the solution and otherway, return some error.
https://www.reddit.com/r/pastebin/comments/i0m5pv/why_pastebin_is_marked_as_phishing_by_cloudflare/