🕵️ Shopify: Cache poisoning via X-Forwarded-Host in www.shopify.com/partners/blog
News section: 🕵️ Vulnerabilities
🔗 Source: vulners.com
Hello,

Run requests in a loop with X-Forwarded-Host: your_hackerz_site.com - after some time you will notice your_hackerz_site.com in the response: {F981839}

Now remove X-Forwarded-Host - our URL will still be there: {F981841}

I've logged in to my VPS to verify this bug and downloaded the poisoned page (https://www.shopify.com/partners/blog/7-web-design-and-development-awards-you-should-enter); it contains links to collaborator: {F981844} {F981845}

It looks like there are no URL keys, so I stopped testing because I'm breaking site functionality, but it would be worth checking whether we can poison with X-Forwarded-Host: foobar.pl"><img src=x onerror=blah> or try to use other headers. If I get permission, I can try other vectors on an older article to avoid disturbing users.

Impact: poisoning links, e.g. FB share button:... ...
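The condition the report describes, a cache that does not key on X-Forwarded-Host sitting in front of a page that builds its links from that header, modelled next to a hardened renderer. This is an added example, not part of the original report and not Shopify's code; the allowlist, the function and class names, the sample path and the header value are assumptions made for illustration.

```python
# Constructed model of the flaw: a cache keyed on the path only, in front of
# an origin that builds absolute links from X-Forwarded-Host.
CANONICAL_HOST = "www.shopify.com"          # host taken from the report's URL
TRUSTED_FORWARDED_HOSTS = {CANONICAL_HOST}  # assumption: hypothetical allowlist


def render_vulnerable(path, headers):
    # Trusts the client-controlled header when building the share link.
    host = headers.get("X-Forwarded-Host", CANONICAL_HOST)
    return f'<a href="https://{host}{path}">share</a>'


def render_hardened(path, headers):
    # Only an allowlisted forwarded host is honoured; anything else falls
    # back to the canonical host, so the header never reaches the markup.
    host = headers.get("X-Forwarded-Host", CANONICAL_HOST).strip().lower()
    if host not in TRUSTED_FORWARDED_HOSTS:
        host = CANONICAL_HOST
    return f'<a href="https://{host}{path}">share</a>'


class PathKeyedCache:
    """Cache whose key ignores request headers (the unkeyed-input condition)."""

    def __init__(self, render):
        self.render = render
        self.store = {}

    def get(self, path, headers=None):
        if path not in self.store:
            self.store[path] = self.render(path, headers or {})
        return self.store[path]


def later_visitor_sees(render, first_headers, path="/partners/blog/post"):
    """Return what a header-less visitor gets after one earlier request.

    The default path is a constructed sample, not a real article.
    """
    cache = PathKeyedCache(render)
    cache.get(path, first_headers)  # the request that fills the cache
    return cache.get(path)          # ordinary visitor, no forwarded header


if __name__ == "__main__":
    hdr = {"X-Forwarded-Host": "untrusted.example"}  # constructed value
    print("vulnerable:", later_visitor_sees(render_vulnerable, hdr))
    print("hardened:  ", later_visitor_sees(render_hardened, hdr))
```

Adding the header to the cache key or stripping it at the edge closes the same gap from the cache side; the allowlist shown here closes it at the origin.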