Bug Hunter Handbook
  • Introduction
  • Getting Started in InfoSec and Bug Bounties.
  • Presentations
  • Checklists / Guides
  • Useful Twitter Threads
  • List of Vulnerabilities
    • Recon and OSINT
      • Recon
      • Sensitive information using Github
      • Subdomain Enumeration
        • Resolvers
      • Javascript Enumeration
      • After Recon
      • Finding Information Using Public Resources
      • OSINT
      • Cloud
      • Wayback
      • Parameter / Content Discovery
      • Broken Link Highjacking
    • Host Header
    • Injection
      • Other Injection
    • DNS Rebinding
    • Cross Site Scripting (XSS)
      • Weaponizing XSS
      • WAF Bypass
    • Cross Origin Resource Sharing (CORS)
    • Local / Remote File Inclusion (LFI / RFI)
    • Server Side Request Forgery (SSRF)
    • Remote Code Execution (RCE)
    • XML Entity Injecton (XXE)
    • Price Manipulation
    • Directory / Path Traversal
    • Cross Site Request Forgery (CSRF)
      • JSON CSRF
    • Password Reset
    • Login Page Issues
    • Deserialization Attacks
    • File Upload
    • Account Takeover
    • Insecure Direct Object References (IDOR)
    • Open Redirect
    • Business Logic Flaws
    • Rate Limit Bypass / 2FA / OTP Bypass
    • Ruby on Rails
      • Mass Assginment
    • S3 Bucket
    • Race Condition
    • CRLF
    • SSTI
    • Prototype Pollution
  • Approach
  • API Security
  • Mobile Security
  • Fuzzing / Wordlists
  • BugBounty Short Write-ups
  • Burp Suite Tips and Tricks
  • HackerOne Reports
  • Response Manipulation
  • Client Vs Server Side Vulnerabilities
  • DevSecOps
  • Containers
    • Docker
    • Kubernetes
    • Containers
  • AWS
  • Azure
  • Others
    • Code Review
    • Web Sockets
    • Web Cache
    • HTTP Desync Attacks
    • Zone Transfer
    • CSP Bypass
    • Payment Bypasses
    • Http Parameter Pollution
    • Postmessage
    • Others
    • GraphQL
    • Unix / Linux
    • Email Related
    • Dependency confusion
    • Nginx Misconfigs
    • JIRA
    • OAUTH
  • Chaining of Bugs
  • Bug Bounty Automation
  • Mindmaps
  • Oneliner Collections
  • Red Teaming
  • Blue Teamining
  • Recon One Liners
  • Misc
  • Wordpress
  • Fuzzing / FuFF
  • OWASP ZAP
  • Bug List
  • Setting up burp collaborator
  • Admin Panel PwN
  • Credential Stuffing / Dump / HaveibeenPwned?
  • Tools Required
  • Nuclei Template
  • Other BugBounty Repos / Tips
  • Interview
  • Threat Modelling
  • AppSec
Powered by GitBook
On this page

Was this helpful?

  1. Others

Web Cache

PreviousWeb SocketsNextHTTP Desync Attacks

Last updated 4 months ago

Was this helpful?

  • - Cache me if you can.

  • Cache me if you can ppt -

  • Abusing HOP by HOP -

  • Another Writeup :) Web Cache Deception Attack leads to user info disclosure

Tools:

References:

HackerOne Reports:

https://github.com/c0dejump/HExHTTP
YWH HTTP Header Exploitation
Cache Poisoning at Scale
abusing http hop-by-hop request headers
Web Cache Entanglement: Novel Pathways to Poisoning
Practical Web Cache Poisoning
Exploiting cache design flaws
Responsible denial of service with web cache poisoning
CPDoS.org
Autopoisoner
Rachid.A research
https://strike.sh/blog/uncovering-web-cache-deception
https://hackerone.com/reports/409370
https://hackerone.com/reports/728664
https://hackerone.com/reports/622122
https://hackerone.com/reports/942629
https://hackerone.com/reports/1183263
https://hackerone.com/reports/1096609
https://hackerone.com/reports/326639
https://blog.duszynski.eu/domain-hijack-through-http-301-cache-poisoning/
https://portswigger.net/daily-swig/new-technique-hijacks-insecure-connections-via-browser-cache-poisoning
https://www.youtube.com/watch?time_continue=373&v=oBKoocE5id4&feature=emb_logo
https://drive.google.com/drive/folders/19IedR-fl5Uea9PeaAgEyYC-dCz7OU7VM
https://twitter.com/digininja/status/1212161764894347264
https://nathandavison.com/blog/abusing-http-hop-by-hop-request-headers
https://twitter.com/praseudo/status/1203338825914703872
Web Cache Deception Attack leads to user info disclosureHello Everyonelink.medium.com
https://medium.com/bugbountywriteup/cache-poisoning-with-xss-a-peculiar-case-eb5973850814
https://iustin24.github.io/Cache-Key-Normalization-Denial-of-Service/
https://medium.com/@kunal94/web-cache-deception-attack-leads-to-user-info-disclosure-805318f7bb29
https://iustin24.github.io/Cache-Key-Normalization-Denial-of-Service/?cb=1
https://www.rcesecurity.com/2020/11/Smuggling-an-un-exploitable-xss/
https://galnagli.com/Cache_Poisoning/
https://blog.melbadry9.xyz/fuzzing/nuclei-cache-poisoning
https://infosecwriteups.com/finding-my-first-critical-web-cache-poisoning-6f956799371c
https://youst.in/posts/cache-poisoning-at-scale/