web-vuln-cache-poisoning
Community
Detect and verify web cache poisoning.
Software Engineering #cdn #curl #vulnerability scanning #security-testing #http headers #web cache deception #web cache poisoning
Author: woohyun212
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Identifies when a CDN or reverse-proxy cache serves attacker-influenced content, or authenticated content, to unintended users, so that open redirects, XSS, and sensitive-data disclosure via poisoned cache entries can be prevented.
Core Features & Use Cases
- Cache behavior detection: Records caching headers (Age, X-Cache, CF-Cache-Status) to determine whether responses are cached.
- Unkeyed input enumeration: Tests header and parameter vectors such as X-Forwarded-Host, X-Original-URL, and fat GET payloads to find inputs not included in the cache key.
- Poisoning and deception verification: Injects payloads into fresh cache slots, fetches without injected headers to confirm persistence, and compares authenticated vs unauthenticated responses to detect web cache deception.
- Use case: Audit a site behind Cloudflare or Varnish to confirm whether attacker-controlled host headers or appended .css/.js paths can cause cached authenticated pages to be served to anonymous users.
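The cache-status and deception checks listed above can be expressed as a small response classifier. This is an added example, not code from the skill itself; the function names, the response dictionaries and the sample responses are constructed assumptions.

```python
from urllib.parse import urlsplit

STATIC_EXT = (".css", ".js")  # the appended extensions named in the use case

def cache_state(headers):
    """Classify a response as 'hit', 'miss' or 'unknown' from its cache headers."""
    h = {k.lower(): v.strip().lower() for k, v in headers.items()}
    cf, xc, age = h.get("cf-cache-status", ""), h.get("x-cache", ""), h.get("age", "")
    if cf in ("hit", "stale", "revalidated", "updating") or "hit" in xc:
        return "hit"
    if age.isdigit() and int(age) > 0:  # a non-zero Age means a cache held the response
        return "hit"
    if cf in ("miss", "expired", "bypass", "dynamic") or "miss" in xc:
        return "miss"
    return "unknown"

def deception_findings(url, auth_resp, anon_resp, marker):
    """Compare an authenticated response with a later anonymous fetch of the same URL.

    marker is a string only the logged-in user should ever see (e.g. their e-mail).
    """
    findings = []
    ah = {k.lower(): v.lower() for k, v in auth_resp["headers"].items()}
    cc = ah.get("cache-control", "")
    if urlsplit(url).path.lower().endswith(STATIC_EXT) and "text/html" in ah.get("content-type", ""):
        findings.append("static-looking path returned HTML")
    if marker in auth_resp["body"] and not any(d in cc for d in ("private", "no-store")):
        findings.append("authenticated body lacks private/no-store")
    if cache_state(anon_resp["headers"]) == "hit" and marker in anon_resp["body"]:
        findings.append("CONFIRMED: cached authenticated content served anonymously")
    return findings

# Constructed sample responses (not captured from a real site).
URL = "https://www.example.com/account/settings/x.css"
MARKER = "alice@example.com"
AUTH = {"headers": {"Content-Type": "text/html; charset=utf-8",
                    "CF-Cache-Status": "MISS", "Cache-Control": "max-age=600"},
        "body": "<p>Signed in as alice@example.com</p>"}
ANON = {"headers": {"Content-Type": "text/html; charset=utf-8",
                    "CF-Cache-Status": "HIT", "Age": "12"},
        "body": "<p>Signed in as alice@example.com</p>"}
# The same pair after the origin marks account pages private and the cache honours it.
AUTH_FIXED = {"headers": {"Content-Type": "text/html", "Cache-Control": "private, no-store",
                          "CF-Cache-Status": "DYNAMIC"}, "body": AUTH["body"]}
ANON_FIXED = {"headers": {"CF-Cache-Status": "DYNAMIC"}, "body": "<p>Please log in</p>"}

if __name__ == "__main__":
    for label, a, b in (("before", AUTH, ANON), ("after", AUTH_FIXED, ANON_FIXED)):
        print(label, deception_findings(URL, a, b, MARKER))
```

In the "after" pair only the static-looking-path observation remains, which is the expected result once `Cache-Control: private, no-store` is set on authenticated pages.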
Quick Start
Ask the AI to test https://www.example.com for cache poisoning using attacker.com for payload verification and provide an auth cookie for deception checks.
Dependency Matrix
Required Modules
None required
Components
Standard package
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: web-vuln-cache-poisoning
Download link: https://github.com/woohyun212/security-skill/archive/main.zip#web-vuln-cache-poisoning
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.