nuclei-templates/fuzzing/cache-poisoning-fuzz.yaml

id: cache-poisoning-fuzz

info:
  name: Cache Poison Fuzzing
  author: dwisiswant0
  severity: info
  reference:
    - https://youst.in/posts/cache-poisoning-at-scale/
  tags: cache,fuzz

requests:
  - raw:
      - |
        GET /?{{uniq}}=1 HTTP/1.1
        Host: {{Hostname}}
        {{headers}}: {{uniq}}.tld

      - |
        GET /?{{uniq}}=1 HTTP/1.1
        Host: {{Hostname}}

    attack: clusterbomb
    payloads:
      uniq:
        - "{{md5(rand_text_numeric(32))}}"
      headers: helpers/wordlists/headers.txt

    stop-at-first-match: true
    req-condition: true

    matchers:
      - type: dsl
        dsl:
          - 'contains(body_2, "{{uniq}}")'
Add cache-poisoning-fuzz (#3413) 2021-12-25 07:56:35 +00:00			`id: cache-poisoning-fuzz`

			`info:`
			`name: Cache Poison Fuzzing`
			`author: dwisiswant0`
			`severity: info`
			`reference:`
			`- https://youst.in/posts/cache-poisoning-at-scale/`
			`tags: cache,fuzz`

			`requests:`
			`- raw:`
			`- \|`
			`GET /?{{uniq}}=1 HTTP/1.1`
			`Host: {{Hostname}}`
			`{{headers}}: {{uniq}}.tld`

			`- \|`
			`GET /?{{uniq}}=1 HTTP/1.1`
			`Host: {{Hostname}}`

			`attack: clusterbomb`
			`payloads:`
			`uniq:`
			`- "{{md5(rand_text_numeric(32))}}"`
			`headers: helpers/wordlists/headers.txt`

			`stop-at-first-match: true`
			`req-condition: true`

			`matchers:`
			`- type: dsl`
			`dsl:`
			`- 'contains(body_2, "{{uniq}}")'`