|
|
|
|
|
|
by jusob
2873 days ago
|
|
|
In 2017 or 2016, there was a Blackhat talks that explained how to trick the web cache on main popular website (including Paypal) into caching any web page. The trick is that many web cache just do a check on the extension (.jpg, .png) to check whether to cache a page or not. If you added ?foo=.png to any page, it would be cached. The host showed how he could trick any web visitor to access their Paypal account home page (if logged in) and cache any page that he would later visit. |
|
|
Please note that web caches also enable a different type of attack called Web Cache Deception which should not be confused with cache poisoning.