id: cache-poisoning info: name: Cache Poisoning author: melbadry9 & xelkomy severity: info reference: | - https://blog.melbadry9.xyz/fuzzing/nuclei-cache-poisoning - https://portswigger.net/research/practical-web-cache-poisoning tags: cache requests: - raw: - | GET /?mel=9 HTTP/1.1 X-Forwarded-Prefix: cache.example.com X-Forwarded-Host: cache.example.com X-Forwarded-For: cache.example.com - | GET /?mel=9 HTTP/1.1 req-condition: true matchers: - type: dsl dsl: - 'contains(body_2, "cache.example.com")'