nuclei-templates/http/vulnerabilities/generic/cache-poisoning.yaml

35 lines
1.1 KiB
YAML
Raw Permalink Normal View History

2021-04-02 13:49:50 +00:00
id: cache-poisoning
2021-04-02 13:14:09 +00:00
info:
2023-04-17 09:28:43 +00:00
name: Cache Poisoning Detection
author: melbadry9,xelkomy,akincibor,dogasantos
2022-03-17 11:19:43 +00:00
severity: low
2024-01-02 15:45:12 +00:00
description: This template detects Cache poisoning.
reference:
- https://web.archive.org/web/20210422000653/https://blog.melbadry9.xyz/fuzzing/nuclei-cache-poisoning
- https://portswigger.net/research/practical-web-cache-poisoning
2023-04-17 10:07:36 +00:00
- https://portswigger.net/web-security/web-cache-poisoning
metadata:
max-request: 2
2023-10-14 11:27:55 +00:00
tags: cache,generic
2023-04-17 10:07:36 +00:00
variables:
cache_key: "{{to_lower(rand_base(6))}}"
cache_header: "{{to_lower(rand_base(6))}}"
http:
2021-04-02 13:14:09 +00:00
- raw:
- |
2023-04-17 10:07:36 +00:00
GET /?{{cache_key}}=9 HTTP/1.1
2023-04-17 09:28:43 +00:00
Host: {{Hostname}}
2023-04-17 10:07:36 +00:00
X-Forwarded-Prefix: {{cache_header}}.xfp
X-Forwarded-Host: {{cache_header}}.xfh
X-Forwarded-For: {{cache_header}}.xff
2021-04-02 13:14:09 +00:00
- |
2023-04-17 10:07:36 +00:00
GET /?{{cache_key}}=9 HTTP/1.1
2023-04-17 09:28:43 +00:00
Host: {{Hostname}}
2021-04-02 13:14:09 +00:00
matchers:
- type: dsl
dsl:
2023-10-14 11:27:55 +00:00
- 'contains(body_2, cache_header)'
# digest: 4a0a00473045022100f4e294dece5f64a3c63aa1f3e4b4def3640073557e9aac78a9a26a77ded173cb02206fe5e3f1040d098aec8575f1aa4299c417a89ba8c063032fba4fcf02e28bb36a:922c64590222798bb761d5b6d8e72950