Commit Graph

4 Commits (6f0d1639e274dc19a7bdaf4d54f42108e9d99608)

Author SHA1 Message Date
Ritik Chaddha 44a0a5c09b
updated header 2023-02-10 14:21:09 +05:30
Ritik Chaddha 70d9e4e175
updated matcher part 2023-02-01 14:23:01 +05:30
Ayden Colby 1adc897f3f
Update cache-poisoning-fuzz.yaml
Proposed fixes to cache-poisoning-fuzz.yaml based on issue #5070

What I believe was wrong before:
 - The author of this template used the {{uniq}} in three places in the template, however, all three values are different with each pair of requests. This means that the cache buster query changes between request 1 and request 2, causing cache poisoning detection to not work properly. 

Implemented fixes:
 - Changed the cache buster query to be the same for request 1 and request 2, allowing for proper cache poisoning detection
 - Used the consistent {{randstr}} preprocessor as the value for headers, since {{uniq}} would not be detected in the matchers as it changes every call
 - Used the same User-Agent for each request, as having user agents change between request 1 and request 2 could cause a cache to miss
 - Added a matching condition for {{randstr}} to exist in both responses to avoid false positives
 - Added reference to portswigger's web cache poisoning lesson

Side notes:
 - The tag "fuzz" for some reason caused errors on my nuclei instance, but "fuzzing" would not. However, I left it alone in case it is just a local issue
 - Template tested on and properly detected web cache poisoning for https://portswigger.net/web-security/web-cache-poisoning/exploiting-design-flaws/lab-web-cache-poisoning-targeted-using-an-unknown-header
2022-10-02 19:35:04 -04:00
Dwi Siswanto 057d48eb1a
Add cache-poisoning-fuzz (#3413) 2021-12-25 13:26:35 +05:30