wanderer/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-09-28 15:21:32 +02:00
Code Issues Releases Activity

Web cache deception

Browse Source
This commit is contained in:
Swissky 2017-02-27 20:03:11 +01:00
parent d7626eb420
commit 297a88dae2
2 changed files with 24 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -1,5 +1,5 @@
# Payloads All The Things
A list of useful payloads and bypasses for Web Application Security
A list of useful payloads and bypasses for Web Application Security.
Feel free to improve with your payloads and techniques !
I <3 pull requests :)

23
Web cache deception/README.md Normal file
View File

@ -0,0 +1,23 @@
# Web Cache Deception Attack
## Exploit
1.Browser requests http://www.example.com/home.php/non-existent.css.
2.Server returns the content of http://www.example.com/home.php, most probably with HTTP caching headers that instruct to not cache this page.
3.The response goes through the proxy.
4.The proxy identifies that the file has a css extension.
5.Under the cache directory, the proxy creates a directory named home.php, and caches the imposter "CSS" file (non-existent.css) inside.
Simple example
```
1. Normal browsing, visit home : https://www.example.com/myaccount/home/
2. Open the malicious link : https://www.example.com/myaccount/home/malicious.css
3. The page is displayed as /home and the cache is saving the page
4. Open a private tab with the previous URL : https://www.paypal.com/myaccount/home/malicous.css
5. The content of the cache is displayed
```
Video of the attack by Omer Gil
[![IMAGE ALT TEXT HERE](https://img.youtube.com/vi/pLte7SomUB8/0.jpg)](https://www.youtube.com/watch?v=pLte7SomUB8)
## Thanks to
* http://omergil.blogspot.fr/2017/02/web-cache-deception-attack.html