What is Web Cache Deception?
Web cache deception occurs when discrepancies between cache proxies and backend servers lead to dynamic content being mistakenly cached and served as static content. This vulnerability is often exploited by attackers who manipulate URLs by adding fake static file extensions to dynamic URLs. For instance, changing "/path" to "/path/WCD.jpeg" can trick the caching system into storing sensitive dynamic content as a seemingly harmless static resource.
How I Discovered the Cache Deception Bug?
This was possible due to:
1. The session token was reflected on https://redacted.com/profile.jpeg and the server responded with 200 OK (200 OK responses allow the cache to last a lot longer than any other response).
2. The caching server sees https://redacted.com/profile.jpeg as a "cacheable" response because of the jpeg extension at the end of the URL, so it saves the response.
Then the attacker can access https://redacted.com/profile.jpeg in their own browser and observe the confidential information of the users who accessed it before.
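The two conditions above can be checked from the defender's side. The following is an added example, not code from the original post or from the affected site: it compares the extension-only caching rule described above with a stricter rule that also requires the origin's headers to agree. The function names, the extension table and the sample responses are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import urlsplit

# Content type a cache should expect per static extension (constructed subset).
EXPECTED_TYPES = {
    ".jpeg": "image/jpeg", ".jpg": "image/jpeg", ".png": "image/png",
    ".css": "text/css", ".js": "application/javascript",
}

def _ext(url):
    return posixpath.splitext(urlsplit(url).path)[1].lower()

def cacheable_by_extension(url, status, headers):
    """Weak rule from the write-up: 200 OK plus a static-looking extension."""
    return status == 200 and _ext(url) in EXPECTED_TYPES

def cacheable_hardened(url, status, headers):
    """Additionally require the origin's headers to describe a public static file."""
    if not cacheable_by_extension(url, status, headers):
        return False
    h = {k.lower(): v for k, v in headers.items()}
    ctype = h.get("content-type", "").split(";")[0].strip().lower()
    if ctype != EXPECTED_TYPES[_ext(url)]:
        return False  # e.g. HTML served under a .jpeg URL
    directives = {d.strip().lower() for d in h.get("cache-control", "").split(",")}
    if directives & {"private", "no-store", "no-cache"}:
        return False
    return "set-cookie" not in h

def audit(responses):
    """Return URLs the weak rule would store but the hardened rule rejects."""
    return [u for u, s, h in responses
            if cacheable_by_extension(u, s, h) and not cacheable_hardened(u, s, h)]

# Constructed sample responses (not captured traffic).
SAMPLE = [
    ("https://redacted.com/profile.jpeg", 200,
     {"Content-Type": "text/html; charset=utf-8", "Cache-Control": "private"}),
    ("https://redacted.com/static/logo.jpeg", 200,
     {"Content-Type": "image/jpeg", "Cache-Control": "public, max-age=86400"}),
    ("https://redacted.com/profile", 200,
     {"Content-Type": "text/html; charset=utf-8"}),
    ("https://redacted.com/missing.png", 404, {"Content-Type": "text/html"}),
]

if __name__ == "__main__":
    for url in audit(SAMPLE):
        print("would be cached despite dynamic content:", url)
```

Any URL that `audit` returns is one where the cache and the origin disagree about what the resource is, which is the discrepancy the definition at the top of this post describes.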
Thanks for reading my blog.
🔥🔥
The Community Gem 💎
THE BLOG that I wanted to read ✨🚀