WEB CACHE DECEPTION FOR BEGINNERS!

Hi! I'm a pentester and a bug bounty hunter who's learning every day and sharing useful resources as I move along. Subscribe to my channel because I'll be sharing my knowledge in new videos regularly.

SIGN UP ON Intigriti: http://go.intigriti.com/farah
BUY ME A COFFEE: https://www.buymeacoffee.com/farahhawa

SOCIAL MEDIA:
Follow me on Twitter: / farah_hawaa
Follow me on Instagram: / farah_hawaa
Connect with me on LinkedIn: / farah-hawa-a012b8162

TIME STAMPS:
00:00 Introduction
00:56 What is Cache?
01:24 Which files are cached?
01:52 Lab Demo
03:08 Path Confusion
04:06 The Bug
05:42 Attackers Exploitation
06:29 Summarizing Conditions
06:53 Instructions for the lab

INSTRUCTIONS TO SET UP VARNISH WITH YOUR APP:
https://linuxhint.com/varnish_cache_u...

CONFIG CODE:
sub vcl_recv {
    # URLs that end in .php (optionally followed by a query string) bypass the cache.
    if (req.url ~ "^[^?]*\.(php)(\?.*)?$") {
        return (pass);
    }
    # URLs that end in a static file extension go to cache lookup.
    if (req.url ~ "^[^?]*\.(css|jpg|js|gif|png|xml|flv|gz|txt|...)(\?.*)?$") {
        return (hash);
    }
}

RESOURCES FOR WEB CACHE DECEPTION:
https://www.blackhat.com/docs/us-17/w...
https://blog.cloudflare.com/understan...
https://omergil.blogspot.com/2017/02/...
https://blog.takemyhand.xyz/2018/05/w...

HACKERONE REPORTS:
https://hackerone.com/reports/593712
https://hackerone.com/reports/397508

Video editor: https://www.fiverr.com/pixelstudios1
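
ADDED EXAMPLE (not from the video or its lab): a small Python audit that replays the two vcl_recv rules from CONFIG CODE against request paths and flags the ones the cache treats as static even though the origin would run a PHP script, next to a stricter rule that passes them. The sample URLs, the function names and the assumption that the origin executes the first ".php" segment in the path are mine, and the extension list stops where the page truncates it.

```python
import re

# The two rules from CONFIG CODE, in order. The page's extension list is
# truncated ("..."), so only the extensions it actually shows are used here.
PASS_PHP = re.compile(r"^[^?]*\.(php)(\?.*)?$")
HASH_STATIC = re.compile(r"^[^?]*\.(css|jpg|js|gif|png|xml|flv|gz|txt)(\?.*)?$")

# Assumption: the origin runs the first ".php" script in the path and treats
# anything after it as extra path info.
ORIGIN_PHP = re.compile(r"^[^?]*\.php(/|\?|$)")


def cache_action(url):
    """Replay vcl_recv: 'pass', 'hash', or 'default' (neither rule matched)."""
    if PASS_PHP.search(url):
        return "pass"
    if HASH_STATIC.search(url):
        return "hash"
    return "default"


def hardened_action(url):
    """Same rules, but pass whenever the origin would execute PHP."""
    if ORIGIN_PHP.search(url):
        return "pass"
    return cache_action(url)


def audit(urls):
    """Return URLs sent to cache lookup although the origin would run PHP."""
    return [u for u in urls
            if cache_action(u) == "hash" and ORIGIN_PHP.search(u)]


# Constructed sample request paths (not taken from the video's lab).
SAMPLE_URLS = [
    "/account.php",
    "/account.php?tab=billing",
    "/static/site.css",
    "/account.php/nonexistent.css",
    "/account.php/a.js?v=1",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(f"{u:30} page rules: {cache_action(u):5} hardened: {hardened_action(u)}")
    print("flagged:", audit(SAMPLE_URLS))
```

Running the same audit over paths taken from real access logs shows which dynamic endpoints an extension-only cache rule would treat as static files.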