diff --git a/content/docs/getting-started/cheatsheets.md b/content/docs/getting-started/cheatsheets.md
new file mode 100644
index 0000000..67ad59f
--- /dev/null
+++ b/content/docs/getting-started/cheatsheets.md
@@ -0,0 +1,23 @@
+---
+title: "Cheatsheets"
+description: "List of interesting cheatsheets"
+lead: "List of interesting cheatsheets"
+date: 2023-01-01T00:00:00+00:00
+lastmod: 2023-01-01T00:00:00+00:00
+draft: false
+images: []
+menu:
+ docs:
+ parent: "getting-started"
+weight: 40
+toc: true
+---
+
+## XSS
+
+- [mXSS cheatsheet](https://sonarsource.github.io/mxss-cheatsheet/)
+- [Cross-site scripting (XSS) cheat sheet](https://portswigger.net/web-security/cross-site-scripting/cheat-sheet)
+
+## SQL Injection
+
+- [SQL injection cheat sheet](https://portswigger.net/web-security/sql-injection/cheat-sheet)
\ No newline at end of file
diff --git a/content/docs/getting-started/introduction.md b/content/docs/getting-started/introduction.md
index 79d7783..cdb1cbd 100644
--- a/content/docs/getting-started/introduction.md
+++ b/content/docs/getting-started/introduction.md
@@ -9,7 +9,7 @@ images: []
 menu:
 docs:
 parent: "getting-started"
-weight: 100
+weight: 10
 toc: true
 ---
diff --git a/content/docs/getting-started/learning.md b/content/docs/getting-started/learning.md
index 7457b01..4654677 100644
--- a/content/docs/getting-started/learning.md
+++ b/content/docs/getting-started/learning.md
@@ -9,7 +9,7 @@ images: []
 menu:
 docs:
 parent: "getting-started"
-weight: 100
+weight: 20
 toc: true
 ---
diff --git a/content/docs/getting-started/vulnerability-reports.md b/content/docs/getting-started/vulnerability-reports.md
index 65634ce..58a0e68 100644
--- a/content/docs/getting-started/vulnerability-reports.md
+++ b/content/docs/getting-started/vulnerability-reports.md
@@ -9,7 +9,7 @@ images: []
 menu:
 docs:
 parent: "getting-started"
-weight: 100
+weight: 30
 toc: true
 ---
@@ -89,6 +89,11 @@ toc: true
 - [PortSwigger -Single Packet Attack](https://portswigger.net/research/the-single-packet-attack-making-remote-race-conditions-local)
+## Cache Deception
+
+- [Shockwave Identifies Web Cache Deception and Account Takeover Vulnerability affecting OpenAI's ChatGPT](https://www.shockwave.cloud/blog/shockwave-works-with-openai-to-fix-critical-chatgpt-vulnerability)
+- [ChatGPT Account Takeover - Wildcard Web Cache Deception](https://nokline.github.io/bugbounty/2024/02/04/ChatGPT-ATO.html)
+
 ## Others
 - [Article - Detecting uBlock on Chrome Browser](https://blog.ankursundara.com/checking-enumerating-a-users-browser-extensions/)
diff --git a/content/docs/server-side/caching.md b/content/docs/server-side/caching.md
new file mode 100644
index 0000000..54c3c0c
--- /dev/null
+++ b/content/docs/server-side/caching.md
@@ -0,0 +1,43 @@
+---
+title: "Server-Side Caching"
+description: "Overview of Server-Side Caching"
+lead: "Overview of Server-Side Caching"
+date: 2023-01-01T00:00:00+00:00
+lastmod: 2023-01-01T00:00:00+00:00
+draft: false
+images: []
+menu:
+ docs:
+ parent: "server-side"
+weight: 620
+toc: true
+---
+
+## Definition
+
+Server-side web caching is a technique used to improve website performance by storing frequently accessed data on the server. The server checks if the requested data is already stored in its cache before generating a new response, which can significantly reduce response time and improve user experience.
+
+Caching is based on multiple parameters like URL paths, MIME types, file extensions, HTTP methods, and headers, which help determine which resources are cacheable and for how long.
+
+## Cache Poisoing
+
+Cache poisoning is aimed at manipulating the client-side cache to force clients to load resources that are unexpected, partial, or under the control of an attacker. For example, you can elevate a self-XSS to a stored XSS if you manage to store the XSS inside the cache.
+
+## Web Cache Deception
+
+The goal of Web Cache Deception is to trick victims into loading resources that will be cached with sensitive information.
+
+Examples:
+- Abusing wildcard using Path Traversal: `https://chat.openai.com/share/%2F..%2Fapi/auth/session`
+- Abusing cached file extension: `https://chat.openai.com/api/auth/session/test.css`
+
+## Softwares
+
+### Cloudflare
+
+- [Cloudflare Docs - Default Cache Behavior](https://developers.cloudflare.com/cache/concepts/default-cache-behavior/)
+
+### Varnish
+
+- [Varnish Docs - Introduction](https://docs.varnish-software.com/varnish-enterprise/)
+- [Getting Started with Varnish Cache - Linode](https://www.linode.com/docs/guides/getting-started-with-varnish-cache/)
\ No newline at end of file
diff --git a/hugo_stats.json b/hugo_stats.json
index 8a5783c..de0261b 100644
--- a/hugo_stats.json
+++ b/hugo_stats.json
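Review bot: The `## Cache Poisoing` heading added in content/docs/server-side/caching.md is misspelled, and the hugo_stats.json hunk in this same commit shows the resulting anchor `cache-poisoing` being registered next to the already existing `cache-poisoning`; it should read `## Cache Poisoning` so the page does not publish a slug that will later have to be broken. The paragraph under that heading says the attack manipulates "the client-side cache", which contradicts the page title and the Definition section; wording such as `Cache poisoning aims to make a shared (server-side) cache store a response influenced by an attacker, which is then served to other clients.` would be consistent with them. Both attack sections stop at the offensive description, so a short defensive line would round the page out, for example `Mitigation: only cache explicitly static routes, key the cache on every input that changes the response, and send Cache-Control: no-store on authenticated endpoints.` Minor: `## Softwares` reads better as `## Software`, and the link labelled "Varnish Docs - Introduction" points at the varnish-enterprise documentation root, so the label or the target should be aligned.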
@@ -300,6 +300,8 @@ "buttonColorMode", "bypass", "bypass-characters", + "cache-deception", + "cache-poisoing", "cache-poisoning", "caching", "challenge", @@ -310,6 +312,7 @@ "client-side", "client-side-desync", "client-side-injection", + "cloudflare", "code-execution", "conditional-breakpoint", "conditional-property-access", @@ -333,6 +336,8 @@ "dangerous-functions", "data-import", "database-enumeration", + "default-cache-behavior", + "default-cache-settings", "definition", "deleting-properties", "discovery", @@ -448,6 +453,7 @@ "resources", "response-headers-manipulation", "restart-frame", + "rules", "samesite", "script-loading-content-type-page", "search-form", @@ -462,9 +468,11 @@ "server-side", "set-cookie-from-javascript", "socialMenu", + "softwares", "source-code", "spring-boot", "sql-functions", + "sql-injection", "sqlite", "ssrf", "ssrf---proxypass--no-ending-slash", @@ -492,6 +500,7 @@ "values", "variable-self", "variables", + "varnish", "version", "version--200", "version--2017", @@ -505,6 +514,7 @@ "vuejs", "vulnerabilities", "vulnerability-feeds", + "web-cache-deception", "werkzeug", "wordpress", "wordpress---upload-plugin-form",