Denial of Service

R3zk0n · October 2, 2025

    Cache Poisoning Attack via Cloudflare

    Cloudflare can be used to cache static files.

    • Using the X-Forwarded-Scheme header, it may be possible to cause a redirect loop, which Cloudflare will then cache.
    • This is caused by the Rack middleware used by Ruby on Rails.
    • This can result in a loss of availability for the site.
    • https://hackerone.com/reports/1181946

    Ruby on Rails - Rack Middleware

    • https://youst.in/posts/cache-poisoning-at-scale/
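One way to close this off at the origin, as an added example that is not from the original page, Rack or Rails: a Rack-style middleware that discards X-Forwarded-Scheme before anything downstream reads it and marks any redirect back to the requested URL as uncacheable. The class name, `FORCE_SSL_APP`, `sample_env` and the host `example.test` are constructed for illustration, and the example assumes the CDN in front honours the origin's Cache-Control.

```ruby
# Added example (not from the page, Rack or Rails): call(env) returns [status, headers, body].
class ForwardedSchemeGuard
  # Assumption: the CDN never needs to pass these unkeyed headers to the origin.
  UNKEYED = %w[HTTP_X_FORWARDED_SCHEME].freeze

  def initialize(app, strip: UNKEYED)
    @app = app
    @strip = strip
  end

  def call(env)
    # 1. Drop client-supplied scheme hints before downstream middleware reads them.
    @strip.each { |key| env.delete(key) }
    status, headers, body = @app.call(env)
    # 2. Defence in depth: a redirect back to the requested URL must not be cached.
    if redirect?(status) && self_redirect?(env, headers)
      headers = headers.reject { |k, _| k.casecmp?("cache-control") }.merge("cache-control" => "no-store")
    end
    [status, headers, body]
  end

  private

  def redirect?(status)
    [301, 302, 307, 308].include?(status.to_i)
  end

  def self_redirect?(env, headers)
    location = headers.find { |k, _| k.casecmp?("location") }&.last
    return false unless location
    query = env["QUERY_STRING"].to_s
    requested = "#{env['HTTP_HOST']}#{env['PATH_INFO']}"
    requested += "?#{query}" unless query.empty?
    location.sub(%r{\Ahttps?://}, "") == requested
  end
end

# Constructed stand-in for an origin that redirects when it thinks the request was plain HTTP.
FORCE_SSL_APP = lambda do |env|
  if env["HTTP_X_FORWARDED_SCHEME"] == "http"
    [301, { "location" => "https://#{env['HTTP_HOST']}#{env['PATH_INFO']}" }, []]
  else
    [200, { "cache-control" => "public, max-age=3600" }, ["ok"]]
  end
end

def sample_env(extra = {})
  { "HTTP_HOST" => "example.test", "PATH_INFO" => "/", "QUERY_STRING" => "" }.merge(extra)
end
```

The guard only helps if it sits ahead of whichever middleware issues the HTTPS redirect.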

    Web-Cache Poisoning Denial of Service

    https://shahjerry33.medium.com/denial-of-service-via-cache-poisoning-its-toxic-d876931749ac

    Practical Web Cache Poisoning Attacks

    • https://portswigger.net/research/practical-web-cache-poisoning

    Web Cache Poisoning Payload (Constant Poisoning)

    while true; do cat ip.txt |xargs -I $ -n1 -P0 curl -s -k -o /dev/null -w "%{http_code} " --resolve HOST:443:$ -H "Acunetix-Product: xxxx" "https://HOST/?abc=1" ;done