Bug Hunter Handbook

Ctrlk

Powered by GitBook

On this page

Others

Web Cache

https://blog.duszynski.eu/domain-hijack-through-http-301-cache-poisoning/
https://portswigger.net/daily-swig/new-technique-hijacks-insecure-connections-via-browser-cache-poisoning
https://www.youtube.com/watch?time_continue=373&v=oBKoocE5id4&feature=emb_logo - Cache me if you can.
Cache me if you can ppt - https://drive.google.com/drive/folders/19IedR-fl5Uea9PeaAgEyYC-dCz7OU7VM
https://twitter.com/digininja/status/1212161764894347264
Abusing HOP by HOP - https://nathandavison.com/blog/abusing-http-hop-by-hop-request-headers
https://twitter.com/praseudo/status/1203338825914703872
Another Writeup :) Web Cache Deception Attack leads to user info disclosure Web Cache Deception Attack leads to user info disclosureHello Everyonelink.medium.com
https://medium.com/bugbountywriteup/cache-poisoning-with-xss-a-peculiar-case-eb5973850814
https://iustin24.github.io/Cache-Key-Normalization-Denial-of-Service/
https://medium.com/@kunal94/web-cache-deception-attack-leads-to-user-info-disclosure-805318f7bb29
https://iustin24.github.io/Cache-Key-Normalization-Denial-of-Service/?cb=1
https://www.rcesecurity.com/2020/11/Smuggling-an-un-exploitable-xss/
https://galnagli.com/Cache_Poisoning/
https://blog.melbadry9.xyz/fuzzing/nuclei-cache-poisoning
https://infosecwriteups.com/finding-my-first-critical-web-cache-poisoning-6f956799371c
https://youst.in/posts/cache-poisoning-at-scale/

Tools:

https://github.com/c0dejump/HExHTTP

References:

YWH HTTP Header Exploitation
Cache Poisoning at Scale
abusing http hop-by-hop request headers
Web Cache Entanglement: Novel Pathways to Poisoning
Practical Web Cache Poisoning
Exploiting cache design flaws
Responsible denial of service with web cache poisoning
CPDoS.org
Autopoisoner
Rachid.A research
https://strike.sh/blog/uncovering-web-cache-deception

HackerOne Reports:

https://hackerone.com/reports/409370
https://hackerone.com/reports/728664
https://hackerone.com/reports/622122
https://hackerone.com/reports/942629
https://hackerone.com/reports/1183263
https://hackerone.com/reports/1096609
https://hackerone.com/reports/326639

PreviousWeb Sockets NextHTTP Desync Attacks

Last updated 12 months ago