This commit is contained in:
carlospolop 2025-09-29 13:19:01 +02:00
parent 5123eccf6b
commit d30edd9463


@ -376,16 +376,6 @@ Validation checklist
- Confirm the authenticated header is present on the retargeted request (e.g., in a proxy or via server-side logs) and that the CDN caches the response under the traversed path.
- From a fresh context (no auth), request the same path and confirm the secret JSON is served from cache.
Impact
- Disclosure of bearer token or sensitive JSON for the authenticated user, enabling Account Takeover until expiry/rotation.
Mitigations
- Client: Normalize/validate path parameters used inside URL paths; reject /, .. and their encodings. Prefer strict routing helpers over string concatenation.
- Edge/CDN: Disable extension-based overrides for API paths; enforce no-store for sensitive endpoints at the edge; use strict cache keys that vary on Authorization and custom auth headers; segregate static content and APIs on separate hostnames with different caching policies.
- Auth: Avoid returning bearer tokens in cacheable contexts; scope tokens tightly and minimize TTL; rotate on use/suspicious access.
## Automatic Tools
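Review bot: the hunk header (-376,16 +376,6) shows ten lines removed, and the visible block from "Impact" through "Auth: Avoid returning bearer tokens in cacheable contexts..." is exactly that removed content, so the Validation checklist now runs straight into "## Automatic Tools" with no statement of impact and no mitigations; if Impact and Mitigations were consolidated into another section, add a one-line pointer to that location at the end of the checklist, otherwise keep at least the client-side path normalization bullet and the edge bullet ("enforce no-store for sensitive endpoints at the edge; use strict cache keys that vary on Authorization and custom auth headers") here, since they are the defensive counterpart to the two checklist steps above.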