Skip to content

Version 1.2.0 - Web Cache Deception Detection

Choose a tag to compare

View all tags
@m10x m10x released this 09 Feb 14:00
· 140 commits to master since this release
1.2.0
accdb13

Web Cache Deception

The WCVS now detects Web Cache Deception. It uses various techniques for this purpose:

  • Path Parameter
  • Path Traversal
  • Appended Newline, Null Byte, Semicolon, Pound, Question Mark or Ampersand

In summary, WCVS's procedure is as follows:
If the cache returns a HIT, it is tested for web cache poisoning. If the cache always returns a MISS, it is tested for web cache deception.

Changelog

  • Added Web Cache Deception Detection d773d4b 8a52b8b accdb13
  • Added support for more common cache headers (from GoogleCloud, RackCache, Akamai & more) c6789a6
  • Added Web Cache Deception & Bachelor's Thesis to the Readme 3c237c0 127125e
Assets 10
Loading