Pentest Book

Web Cache Poisoning


Web cache poisoning is an advanced technique whereby an attacker exploits the behavior of a web server and cache so that a harmful HTTP response is served to other users.
Fundamentally, web cache poisoning involves two phases. First, the attacker must work out how to elicit a response from the back-end server that inadvertently contains some kind of dangerous payload. Once successful, they need to make sure that their response is cached and subsequently served to the intended victims.
A poisoned web cache can potentially be a devastating means of distributing numerous different attacks, exploiting vulnerabilities such as XSS, JavaScript injection, open redirection, and so on.


wcvs -u
python3 -u --get
python3 -u --post
python -u
python3 --domain
python3 -t
# XSS for users accessing /en?region=uk:
GET /en?region=uk HTTP/1.1
X-Forwarded-Host: a."><script>alert(1)</script>"
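
The request above works because X-Forwarded-Host changes the response body but is not part of the cache key. The following Python simulation is an added example, not code from the original page. It shows the unkeyed-header case next to two mitigations: adding the header to the cache key, and validating and encoding it at the origin. The toy `backend`, the `Cache` class, the host `www.example.com` and the allowlist are assumptions made for illustration.

```python
import html

ALLOWED_HOSTS = {"www.example.com"}  # constructed allowlist (assumption)
PAYLOAD = 'a."><script>alert(1)</script>"'  # header value from the request above

def backend(path, headers, hardened=False):
    """Toy origin that builds a script URL from X-Forwarded-Host."""
    host = headers.get("X-Forwarded-Host", headers["Host"])
    if hardened:
        if host not in ALLOWED_HOSTS:   # ignore an untrusted override
            host = headers["Host"]
        host = html.escape(host, quote=True)  # encode before reflecting
    return f'<script src="https://{host}/static/app.js"></script>'

class Cache:
    """Toy cache: the key is the path plus the headers named in `keyed`."""
    def __init__(self, keyed=("Host",), hardened=False):
        self.keyed, self.hardened, self.store = keyed, hardened, {}

    def get(self, path, headers):
        key = (path,) + tuple(headers.get(h, "") for h in self.keyed)
        if key not in self.store:       # miss: fetch from origin and store
            self.store[key] = backend(path, headers, self.hardened)
        return self.store[key]

def later_visitor_gets_payload(cache):
    """Send the poisoning request, then a normal one; inspect the second body."""
    path = "/en?region=uk"
    cache.get(path, {"Host": "www.example.com", "X-Forwarded-Host": PAYLOAD})
    body = cache.get(path, {"Host": "www.example.com"})
    return "<script>alert(1)</script>" in body

if __name__ == "__main__":
    keyed = Cache(keyed=("Host", "X-Forwarded-Host"))
    print("unkeyed header, reflecting origin:", later_visitor_gets_payload(Cache()))
    print("header added to cache key:", later_visitor_gets_payload(keyed))
    print("origin validates and encodes:", later_visitor_gets_payload(Cache(hardened=True)))
```

Only the first configuration serves the injected markup to the second, header-free request; in a real deployment the keyed variant corresponds to adding the header to the cache key or emitting a matching `Vary` header.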
Last modified 1yr ago