Skip to content

Commit

Permalink
add cache poisoning
Browse files Browse the repository at this point in the history
  • Loading branch information
xanhacks committed Dec 22, 2023
1 parent eebfe9a commit e77b343
Showing 1 changed file with 30 additions and 0 deletions.
30 changes: 30 additions & 0 deletions content/en/docs/framework/nginx.md
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,36 @@ To change the request characteristics used in calculating the key, include the `
proxy_cache_key "$host$request_uri$cookie_user";
```

### Cache Poisoning

```
# [...]
http {
# [...]
proxy_cache_path /run/nginx/cache keys_zone=stat_cache:10m inactive=10s;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
location = /stats {
proxy_cache stat_cache;
proxy_cache_key "$arg_period";
proxy_cache_valid 200 15s;
proxy_pass http://127.0.0.1:3001;
}
}
}
```

The `period` GET parameter serves as the cache key. By utilizing a commonly known value such as `1m`, you can contaminate the cache and introduce an additional malicious value.

- Example: `http://localhost/stats?period=1m&period=<PAYLOAD>`

## Security

### Basic Auth
Expand Down

0 comments on commit e77b343

Please sign in to comment.