Mirrors/PayloadsAllTheThings
2
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-11-10 15:14:34 +00:00
Code Issues Projects Releases Packages Wiki Activity

Web cache deception update

Browse source
This commit is contained in:
Swissky 2017-02-27 20:04:53 +01:00
parent 297a88dae2
commit c1c8adefc6
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
Web cache deception/README.md
View file

@ -1,13 +1,15 @@
# Web Cache Deception Attack # Web Cache Deception Attack
## Exploit ## Exploit
```
1.Browser requests http://www.example.com/home.php/non-existent.css. 1.Browser requests http://www.example.com/home.php/non-existent.css.
2.Server returns the content of http://www.example.com/home.php, most probably with HTTP caching headers that instruct to not cache this page. 2.Server returns the content of http://www.example.com/home.php, most probably with HTTP caching headers that instruct to not cache this page.
3.The response goes through the proxy. 3.The response goes through the proxy.
4.The proxy identifies that the file has a css extension. 4.The proxy identifies that the file has a css extension.
5.Under the cache directory, the proxy creates a directory named home.php, and caches the imposter "CSS" file (non-existent.css) inside. 5.Under the cache directory, the proxy creates a directory named home.php, and caches the imposter "CSS" file (non-existent.css) inside.
```
Simple example ## Methodology of the attack - example
``` ```
1. Normal browsing, visit home : https://www.example.com/myaccount/home/ 1. Normal browsing, visit home : https://www.example.com/myaccount/home/
2. Open the malicious link : https://www.example.com/myaccount/home/malicious.css 2. Open the malicious link : https://www.example.com/myaccount/home/malicious.css