Episode 11: CV$$, Web Cache Deception, and SSTI

Critical Thinking - Bug Bounty Podcast

How to Cache a Page in an Application

This was a government target that I was working on. And somewhere in the application, and so I will note as well, you guys have to look. A lot of times what you'll be looking for is the Age header in the response, which shows how old this page is. If you can see that and it's on an asset that contains user, and that page contains user information, then you've got a web cache deception vulnerability here. The one reason I wanted to highlight it is because of that %3f piece, putting that in the URL, tricking the URL into thinking that the actual path ended in .js rather than .aspx.
