2021-04-02 13:49:50 +00:00
|
|
|
id: cache-poisoning
|
2021-04-02 13:14:09 +00:00
|
|
|
|
|
|
|
|
info:
|
|
|
|
|
name: Cache Poisoning
|
2022-03-17 11:19:43 +00:00
|
|
|
author: melbadry9,xelkomy,akincibor
|
|
|
|
|
severity: low
|
2021-08-18 11:37:49 +00:00
|
|
|
reference:
|
2021-08-19 14:44:46 +00:00
|
|
|
- https://blog.melbadry9.xyz/fuzzing/nuclei-cache-poisoning
|
|
|
|
|
- https://portswigger.net/research/practical-web-cache-poisoning
|
2021-08-11 07:37:27 +00:00
|
|
|
tags: cache,generic
|
2021-04-02 13:14:09 +00:00
|
|
|
|
|
|
|
|
requests:
|
|
|
|
|
- raw:
|
|
|
|
|
- |
|
2022-03-17 11:19:43 +00:00
|
|
|
GET /?{{randstr}}=9 HTTP/1.1
|
2021-04-02 13:49:50 +00:00
|
|
|
X-Forwarded-Prefix: cache.example.com
|
|
|
|
|
X-Forwarded-Host: cache.example.com
|
|
|
|
|
X-Forwarded-For: cache.example.com
|
2021-04-02 13:14:09 +00:00
|
|
|
|
|
|
|
|
- |
|
2022-03-17 11:19:43 +00:00
|
|
|
GET /?{{randstr}}=9 HTTP/1.1
|
2021-04-02 13:14:09 +00:00
|
|
|
|
|
|
|
|
req-condition: true
|
|
|
|
|
matchers:
|
|
|
|
|
- type: dsl
|
|
|
|
|
dsl:
|
2021-04-02 13:49:50 +00:00
|
|
|
- 'contains(body_2, "cache.example.com")'
|
