Web Cache Poisoning
1 minute read
Return Home
Practical Web Cache Poisoning
Web cache poisoning has long been an elusive vulnerability, a ‘theoretical’ threat used mostly to scare developers into obediently patching issues that nobody could actually exploit.
In this paper I’ll show you how to compromise websites by using esoteric web features to turn their caches into exploit delivery systems, targeting everyone that makes the mistake of visiting their homepage.
Web Cache Entanglement: Novel Pathways to Poisoning
Caches are woven into websites throughout the net, discreetly juggling data between users, and yet they are rarely scrutinized in any depth. In this paper, I’ll show you how to remotely probe through the inner workings of caches to find subtle inconsistencies, and combine these with gadgets to build majestic exploit chains.
I feedback.
Let me know what you think of this article on twitter @_TheGetch_!
Let me know what you think of this article on twitter @_TheGetch_!