nuclei-templates/vulnerabilities/generic/cache-poisoning.yaml

id: cache-poisoning

info:
  name: Cache Poisoning
  author: melbadry9,xelkomy
  severity: info
  reference: |
      - https://blog.melbadry9.xyz/fuzzing/nuclei-cache-poisoning
      - https://portswigger.net/research/practical-web-cache-poisoning
  tags: cache

requests:
  - raw:
      - |
        GET /?mel=9 HTTP/1.1
        X-Forwarded-Prefix: cache.example.com
        X-Forwarded-Host: cache.example.com
        X-Forwarded-For: cache.example.com

      - |
        GET /?mel=9 HTTP/1.1

    req-condition: true
    matchers:
      - type: dsl
        dsl:
          - 'contains(body_2, "cache.example.com")'
Update cache-poisoning.yaml 2021-04-02 13:49:50 +00:00			`id: cache-poisoning`
Create cache-poisoning.yaml 2021-04-02 13:14:09 +00:00
			`info:`
			`name: Cache Poisoning`
Updated author names 2021-06-09 12:20:56 +00:00			`author: melbadry9,xelkomy`
more reference 2021-04-02 16:08:35 +00:00			`severity: info`
			`reference: \|`
			`- https://blog.melbadry9.xyz/fuzzing/nuclei-cache-poisoning`
			`- https://portswigger.net/research/practical-web-cache-poisoning`
			`tags: cache`
Create cache-poisoning.yaml 2021-04-02 13:14:09 +00:00
			`requests:`
			`- raw:`
			`- \|`
			`GET /?mel=9 HTTP/1.1`
Update cache-poisoning.yaml 2021-04-02 13:49:50 +00:00			`X-Forwarded-Prefix: cache.example.com`
			`X-Forwarded-Host: cache.example.com`
			`X-Forwarded-For: cache.example.com`
Create cache-poisoning.yaml 2021-04-02 13:14:09 +00:00
			`- \|`
			`GET /?mel=9 HTTP/1.1`

			`req-condition: true`
			`matchers:`
			`- type: dsl`
			`dsl:`
Update cache-poisoning.yaml 2021-04-02 13:49:50 +00:00			`- 'contains(body_2, "cache.example.com")'`