Web Cache Poisoning: Hunting Methodology & Real-World Examples
- Published 9 Feb 2025
- This video explores the Web Cache Poisoning vulnerability in detail. We'll cover essential concepts such as web caching, cache keys, cache hits, cache misses, and cache busters. You’ll also learn how to identify this vulnerability in web applications, complete with practical examples. By the end of the video, you’ll have a comprehensive understanding of all the key concepts related to web cache poisoning.
Blogs: / medusa0xf
Social media:
Twitter: / medusa_0xf
Discord: / discord
HackerOne Report
hackerone.com/...
Introduction: 0:00
Caching: 0:26
CDN Caching [Cache Miss & Hit]: 0:44
Cache Key: 1:28
Recon: 2:17
Web Cache Poisoning: 3:00
Cache Buster: 4:28
Unkeyed & Keyed Input: 5:12
Hunting Methodology: 7:30
HackerOne Report: 9:38
Ending: 11:07
Music: Karl Casey @ White Bat Audio
love ur style plz stay consistent w uploads and ur voice is fyer
Thank you, I'll try my best to keep things consistent!
Great explanation. Thanks
VERY GOOD EXPLANATION VIDEO. thanks for explaining it so nicely and so patiently and with example. thank you. i love your videos.
Thanks a lot, it took effort!
voice + guidance i love that
Thank you!
glad I found this gem :)
Thanks!
great explanation
I'm glad you liked it.
well put together
Glad you liked it!
great explanation, loved it.
Thank you!
1. flickering animations can cause epileptic episodes in some people. they are also kinda annoying (imo).
2. anime scenes are very distracting when learning something.
but content & coverage is good! I know you are experimenting but I just wanted to leave some feedback since this seems like a nice channel to learn stuff.
Thanks for the feedback
Nice one!
Thanks!
Medusa reminds me modlishka. Anyway great explanation.
Some more points - you have worked on lazy loading cache hit and cache miss architecture that has a condition that this type of cache poisoning is only real if cache is updated.
There are some more architectures you may want to explore, it's write through and session storing.
For write through architecture, cache can't be poisoned or updated to be delivered to multiple users for same content if you are not writing to DB.
For session storing cached architecture mechanisms xss will fall short and you may want to try csrf.
How about you share some articles for this on my server?
Love you 😘👌
What is Lucky13 vulnerability and side channel attack=>bit flip
Great Explanation, Is there any chances explaining for HTTP Request Smuggling will be helpful
I'll consider
Great Content, but the background shouldn't be flickering.
Thanks for the tip
Ps : don't use glitch screen background when explaining something, it's uncomfortable
How comfortable is that when you have your website hosting different image or probably your user poset is changed or someone rides csrf and transfer legit amount from your digital wallet to some of your friend that you don't know.
Get used to it if you are blue 🔵, life will be less stressful 😊
Agree
Yup it's kinda make us distract
Okay
Please make this sort of video for Oauth misconfiguration as well
Noted
Nice video
Thank you!
The tiny note name? where u using to save payloads?
i used online code snippets.
Medusa how about live hunting?
Not yet
Unable to focus while stuff running on the background with distracting music, it would be better if the video is some calm or lofi stuff.
Yeah i've been experimenting with editing. Check out the new video, you will love it!
what's the anime name themed here? :)
Solo Leveling and Jujutsu Kaisen
Yo man hook me up with some BAC resources (not basics)
You should hear this podcast.
ua-cam.com/video/w4-_wd_ReX4/v-deo.htmlsi=hnBOCR2AioksJdFH
@Medusa0xf I hate that smile do you have any other resources where you are the only one like same as this video. I love your blog but it's very nice to see any video on that. If you don't mind Medusa I'm doing fully manual testing now including BAC,Auth and OAuth so can you tell me am I missing out on something here ?
Don't use anime it's distracting
Yeah, I don’t usually use it. I’m just experimenting with new ideas and noting feedback. Thank you!