nuclei-templates/vulnerabilities/generic/cache-poisoning.yaml

34 lines
795 B
YAML
Raw Normal View History

2021-04-02 13:49:50 +00:00
id: cache-poisoning
2021-04-02 13:14:09 +00:00
info:
name: Cache Poisoning
author: melbadry9,xelkomy,akincibor,dogasantos
2022-03-17 11:19:43 +00:00
severity: low
reference:
- https://blog.melbadry9.xyz/fuzzing/nuclei-cache-poisoning
- https://portswigger.net/research/practical-web-cache-poisoning
2021-08-11 07:37:27 +00:00
tags: cache,generic
2021-04-02 13:14:09 +00:00
requests:
- raw:
- |
2022-03-17 11:19:43 +00:00
GET /?{{randstr}}=9 HTTP/1.1
X-Forwarded-Prefix: prefix.cache.example.com
X-Forwarded-Host: host.cache.example.com
X-Forwarded-For: for.cache.example.com
2021-04-02 13:14:09 +00:00
- |
2022-03-17 11:19:43 +00:00
GET /?{{randstr}}=9 HTTP/1.1
2021-04-02 13:14:09 +00:00
req-condition: true
matchers:
- type: dsl
dsl:
2021-04-02 13:49:50 +00:00
- 'contains(body_2, "cache.example.com")'
extractors:
- type: regex
part: response
regex:
- "(prefix|host|for).cache.example.com"