caon.io

Cache Poisoning

Check whether the server is caching responses. You can tell by looking at the response headers for the words HIT or DYNAMIC.

Cloudflare caches content based on MIME type only. Akamai accepts headers.

Trigger Cache

  • /profile.css
  • /profile/nonexistent.css
  • /profile?nonexistent
  • /profile/x.jpeg?nonexistent
  • /profile/.js
  • /profile/;.js
  • Add \: header

Stored XSS

Find an endpoint that reflects input into the page (cookies, parameters, headers, ...) and persist it by poisoning the cache.
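As an added example (not code from the original notes), a small Python model of the mechanism behind the two notes above: a cache keyed on the path alone stores a response that reflected an unkeyed request header, and the HIT/MISS status shows whether a second client is served that stored copy. The origin, the cache and the reflected X-Forwarded-Host header are constructed for illustration; the fix shown is the origin declaring that header in Vary so it becomes part of the cache key.

```python
"""Toy model of an unkeyed-header cache poisoning bug and its fix (constructed example)."""
from dataclasses import dataclass, field


@dataclass
class Response:
    body: str
    headers: dict


def origin(path: str, req_headers: dict) -> Response:
    # Constructed origin: reflects X-Forwarded-Host into a script URL and
    # marks the response as publicly cacheable, without declaring Vary.
    host = req_headers.get("X-Forwarded-Host", "example.test")
    body = f'<script src="https://{host}/static/app.js"></script>'
    return Response(body, {"Cache-Control": "public, max-age=60"})


def origin_fixed(path: str, req_headers: dict) -> Response:
    # Fix: name the reflected header in Vary so the cache keys on it too.
    resp = origin(path, req_headers)
    resp.headers["Vary"] = "X-Forwarded-Host"
    return resp


@dataclass
class Cache:
    # path -> list of (values of the varied headers, stored response)
    store: dict = field(default_factory=dict)

    def fetch(self, backend, path: str, req_headers: dict):
        # HIT when a stored copy exists whose varied headers match this request.
        for vary_vals, resp in self.store.get(path, []):
            if all(req_headers.get(h, "") == v for h, v in vary_vals.items()):
                return resp, "HIT"
        resp = backend(path, req_headers)
        vary = [h.strip() for h in resp.headers.get("Vary", "").split(",") if h.strip()]
        vary_vals = {h: req_headers.get(h, "") for h in vary}
        self.store.setdefault(path, []).append((vary_vals, resp))
        return resp, "MISS"


def poisoning_demo(backend):
    """Returns (cache status seen by a second client, whether it got the reflected value)."""
    cache = Cache()
    # Constructed traffic: one request carrying the unkeyed header, then a
    # plain request for the same path from a second client.
    cache.fetch(backend, "/profile.css", {"X-Forwarded-Host": "injected.test"})
    resp, status = cache.fetch(backend, "/profile.css", {})
    return status, "injected.test" in resp.body


if __name__ == "__main__":
    print("no Vary:  ", poisoning_demo(origin))        # ('HIT', True)
    print("with Vary:", poisoning_demo(origin_fixed))  # ('MISS', False)
```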

List of cacheable extensions

7z, apk, avi, avif, bin, bmp, bz2, class,
css, csv, dmg, doc, docx, ejs, eot, eps,
exe, flac, gif, gz, ico, iso, jar, jpeg,
jpg, js, mid, midi, mkv, mp3, mp4, ogg,
otf, pdf, pict, pls, png, ppt, pptx, ps,
rar, svg, svgz, swf, tar, tif, tiff, ttf,
webm, webp, woff, woff2, xls, xlsx, zip, zst