daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

misc update to cache-poisoning

patch-1
sandeep 2023-04-17 14:58:43 +05:30
parent 67e3f0b8c9
commit 384dbd1969
1 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
vulnerabilities/generic/cache-poisoning.yaml
View File

@ -1,7 +1,7 @@
id: cache-poisoning id: cache-poisoning
info: info:
name: Cache Poisoning name: Cache Poisoning Detection
author: melbadry9,xelkomy,akincibor,dogasantos author: melbadry9,xelkomy,akincibor,dogasantos
severity: low severity: low
reference: reference:
@ -13,21 +13,22 @@ requests:
- raw: - raw:
- | - |
GET /?{{randstr}}=9 HTTP/1.1 GET /?{{randstr}}=9 HTTP/1.1
X-Forwarded-Prefix: prefix.cache.interact.sh Host: {{Hostname}}
X-Forwarded-Host: host.cache.interact.sh X-Forwarded-Prefix: prefix.cache.oast.pro
X-Forwarded-For: for.cache.interact.sh X-Forwarded-Host: host.cache.oast.pro
X-Forwarded-For: for.cache.oast.pro
- | - |
GET /?{{randstr}}=9 HTTP/1.1 GET /?{{randstr}}=9 HTTP/1.1
Host: {{Hostname}}
req-condition: true
matchers: matchers:
- type: dsl - type: dsl
dsl: dsl:
- 'contains(body_2, "cache.interact.sh")' - 'contains(body_2, "cache.oast.pro")'
extractors: extractors:
- type: regex - type: regex
part: response part: response
regex: regex:
- "(prefix|host|for).cache.interact.sh" - "(prefix|host|for).cache.oast.pro"