HEY Guys, Its KRiPPto99 Back again. In today’s blog We are going to see web cache poisoning attack, what is this attack, how does it work, and we are going to see labs, and some reports too. so lets get started.
What is Web Cache Poisoning
It is a way of storing the previewed information somewhere in order that it may well be reused. it’s sort of a copy of an internet page served by a server. It enhances page delivery speed and lessens the load of a server. It sits between the server and therefore the user wherever it saves HTTP requests, responses for a hard and fast quantity of your time. If the other user sends the request, the cached response merely sends a duplicate of the cached response that had been saved while not interacting with the backend
How does Caching work?
There are two steps to web cache poisoning. To begin, the attacker must figure out how to get a potentially dangerous payload response from the backend server. They must cache their response and serve it only to the intended victims after they have succeeded.
An infected web cache has the ability to be a destructive means of disseminating a series of attacks, involving XSS, DOS, JavaScript injection, open redirection, and so on.
Validating Web Cache Poisoning:
- Finds the weak service code that allows them to stuff a lot of headers into the HTTP header area.
- The cache server is forced to flush its actual cache information, which we want the servers to cache.
- Sends a specially constructed request to the server, which will be cached.
- The next request is sent. The response to this request will be the previously injected content stored in the cache.
Headers That Can Be Used To Cache :
X-Forwarded-Host: your-hackers-site.com
X-Host: your-hackers-site.com
Forwarded-Server: your-hackers-site.com
Portswigger Labs: To understand how does it work Here are some labs so by solving this labs we get understand better way to know this attack Labs
Hackerone Reports : Here some reports of Hackerone
- https://hackerone.com/reports/631589
- https://hackerone.com/reports/394016
- https://hackerone.com/reports/1346618
- https://hackerone.com/reports/429747
Thank you for reading this seeyaa next time