misc update to cache-poisoning

2023-04-17 14:58:43 +05:30 · 2023-04-17 14:58:43 +05:30 · 384dbd1969
parent 67e3f0b8c9
commit 384dbd1969
1 changed files with 8 additions and 7 deletions
--- a/vulnerabilities/generic/cache-poisoning.yaml
+++ b/vulnerabilities/generic/cache-poisoning.yaml
@ -1,7 +1,7 @@
 id: cache-poisoning

 info:
-  name: Cache Poisoning
+  name: Cache Poisoning Detection
  author: melbadry9,xelkomy,akincibor,dogasantos
  severity: low
  reference:
@ -13,21 +13,22 @@ requests:
  - raw:
      - |
        GET /?{{randstr}}=9 HTTP/1.1
-        X-Forwarded-Prefix: prefix.cache.interact.sh
-        X-Forwarded-Host: host.cache.interact.sh
-        X-Forwarded-For: for.cache.interact.sh
+        Host: {{Hostname}}
+        X-Forwarded-Prefix: prefix.cache.oast.pro
+        X-Forwarded-Host: host.cache.oast.pro
+        X-Forwarded-For: for.cache.oast.pro

      - |
        GET /?{{randstr}}=9 HTTP/1.1
+        Host: {{Hostname}}

-    req-condition: true
    matchers:
      - type: dsl
        dsl:
-          - 'contains(body_2, "cache.interact.sh")'
+          - 'contains(body_2, "cache.oast.pro")'

    extractors:
      - type: regex
        part: response
        regex:
-          - "(prefix|host|for).cache.interact.sh"
+          - "(prefix|host|for).cache.oast.pro"