# Web Cache * * * - Cache me if you can. * Cache me if you can ppt - * * Abusing HOP by HOP - * * Another Writeup :) Web Cache Deception Attack leads to user info disclosure[![](https://pbs.twimg.com/card_img/1281781791590715393/BIdylHSM?format=png\&name=small)](https://t.co/UVrtUvAY54?amp=1)[Web Cache Deception Attack leads to user info disclosureHello Everyonelink.medium.com](https://t.co/UVrtUvAY54?amp=1) * * * * * * * * * Tools: * References: * [YWH HTTP Header Exploitation](https://blog.yeswehack.com/yeswerhackers/http-header-exploitation/) * [Cache Poisoning at Scale](https://youst.in/posts/cache-poisoning-at-scale/) * [abusing http hop-by-hop request headers](https://nathandavison.com/blog/abusing-http-hop-by-hop-request-headers) * [Web Cache Entanglement: Novel Pathways to Poisoning](https://portswigger.net/research/web-cache-entanglement) * [Practical Web Cache Poisoning](https://portswigger.net/research/practical-web-cache-poisoning) * [Exploiting cache design flaws](https://portswigger.net/web-security/web-cache-poisoning/exploiting-design-flaws) * [Responsible denial of service with web cache poisoning](https://portswigger.net/research/responsible-denial-of-service-with-web-cache-poisoning) * [CPDoS.org](https://cpdos.org/) * [Autopoisoner](https://github.com/Th0h0/autopoisoner) * [Rachid.A research](https://zhero-web-sec.github.io/research-and-things/nextjs-and-cache-poisoning-a-quest-for-the-black-hole) * * HackerOne Reports: * [https://hackerone.com/reports/409370](https://hackerone.com/reports/409370https:/hackerone.com/reports/728664https:/hackerone.com/reports/622122https:/hackerone.com/reports/942629https:/hackerone.com/reports/1183263https:/hackerone.com/reports/1096609https:/hackerone.com/reports/326639) * [https://hackerone.com/reports/728664](https://hackerone.com/reports/409370https:/hackerone.com/reports/728664https:/hackerone.com/reports/622122https:/hackerone.com/reports/942629https:/hackerone.com/reports/1183263https:/hackerone.com/reports/1096609https:/hackerone.com/reports/326639) * [https://hackerone.com/reports/622122](https://hackerone.com/reports/409370https:/hackerone.com/reports/728664https:/hackerone.com/reports/622122https:/hackerone.com/reports/942629https:/hackerone.com/reports/1183263https:/hackerone.com/reports/1096609https:/hackerone.com/reports/326639) * [https://hackerone.com/reports/942629](https://hackerone.com/reports/409370https:/hackerone.com/reports/728664https:/hackerone.com/reports/622122https:/hackerone.com/reports/942629https:/hackerone.com/reports/1183263https:/hackerone.com/reports/1096609https:/hackerone.com/reports/326639) * [https://hackerone.com/reports/1183263](https://hackerone.com/reports/409370https:/hackerone.com/reports/728664https:/hackerone.com/reports/622122https:/hackerone.com/reports/942629https:/hackerone.com/reports/1183263https:/hackerone.com/reports/1096609https:/hackerone.com/reports/326639) * [https://hackerone.com/reports/1096609](https://hackerone.com/reports/409370https:/hackerone.com/reports/728664https:/hackerone.com/reports/622122https:/hackerone.com/reports/942629https:/hackerone.com/reports/1183263https:/hackerone.com/reports/1096609https:/hackerone.com/reports/326639) * [https://hackerone.com/reports/326639](https://hackerone.com/reports/409370https:/hackerone.com/reports/728664https:/hackerone.com/reports/622122https:/hackerone.com/reports/942629https:/hackerone.com/reports/1183263https:/hackerone.com/reports/1096609https:/hackerone.com/reports/326639)