CD
Cloudflare Developers12mo ago
Poker Texas

Production Website pages with cloudflare turnstile run script from "challenges.cloudflare.com".

I work as developer for a big company and in production when i visit website and open developer tools, a worker runs and run a script from "challenges.cloudflare.com". A file pops up in developer tools for a second and then disapear called "VM5" and only contains one line of code saying "debugger". the worker script from "challenges.cloudflare.com" runs 
onmessage = function(e) {
    if (e.isTrusted && "" === e.origin && null === e.source) {
        eval(e.data);
    }
};
onmessage = function(e) {
    if (e.isTrusted && "" === e.origin && null === e.source) {
        eval(e.data);
    }
};
. Where e.data is equal to 
"postMessage({ hYzg3:'removed_code_if_sensitive'});eval('debugger');postMessage({ hYzg3:'removed_code_if_sensitive'});"
"postMessage({ hYzg3:'removed_code_if_sensitive'});eval('debugger');postMessage({ hYzg3:'removed_code_if_sensitive'});"
. Should this file really appear in production? The website uses wpforms with cloudflare turnstile.
0 Replies
No replies yetBe the first to reply to this messageJoin
Want results from more Discord servers?
Add your server