Cache Poisoning

This skill should be used when the user asks about "cache poisoning", "web cache deception", "CDN cache", "proxy cache", "nginx cache", "varnish", "cache key manipulation", "response caching", or needs to find cache-related vulnerabilities during whitebox security review.

14 stars

Best use case

Cache Poisoning is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

This skill should be used when the user asks about "cache poisoning", "web cache deception", "CDN cache", "proxy cache", "nginx cache", "varnish", "cache key manipulation", "response caching", or needs to find cache-related vulnerabilities during whitebox security review.

Teams using Cache Poisoning should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/cache-poisoning/SKILL.md --create-dirs "https://raw.githubusercontent.com/allsmog/vuln-scout/main/vuln-scout/skills/cache-poisoning/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/cache-poisoning/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How Cache Poisoning Compares

Feature / AgentCache PoisoningStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

This skill should be used when the user asks about "cache poisoning", "web cache deception", "CDN cache", "proxy cache", "nginx cache", "varnish", "cache key manipulation", "response caching", or needs to find cache-related vulnerabilities during whitebox security review.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Cache Poisoning & Web Cache Deception

## Purpose

Provide detection patterns for HTTP cache poisoning and web cache deception vulnerabilities, including proxy cache misconfigurations, cache key manipulation, and authenticated response caching.

## OWASP Top 10 Mapping

**Category**: Related to A01 (Broken Access Control), A05 (Security Misconfiguration)

**CWEs**:
- CWE-524: Use of Cache Containing Sensitive Information
- CWE-525: Use of Web Browser Cache Containing Sensitive Information
- CWE-444: Inconsistent Interpretation of HTTP Requests
- CWE-436: Interpretation Conflict

## When to Use

Activate this skill when:
- Reviewing proxy/CDN configurations (Nginx, Varnish, Cloudflare, etc.)
- Analyzing SSRF vulnerabilities for exfiltration vectors
- Auditing applications with static file caching
- Looking for authenticated content exposure
- Checking cache key construction for manipulation

---

## Web Cache Deception

### Overview

Web cache deception occurs when:
1. Proxy caches responses based on file extension (e.g., `.png`, `.css`)
2. Application serves dynamic content regardless of path extension
3. Attacker tricks victim into visiting `/profile.png`
4. Proxy caches authenticated response
5. Attacker retrieves cached sensitive data

### Detection Patterns

#### Nginx Cache Configuration

```bash
# Find proxy cache configurations
grep -rniE "proxy_cache|proxy_cache_valid|proxy_cache_key" --include="*.conf" --include="nginx.conf"

# Check cache rules for static extensions (HIGH RISK)
grep -rniE "location.*\.(css|js|png|jpg|jpeg|gif|ico|svg|woff)" -A10 --include="*.conf" | grep -iE "proxy_cache|cache"

# Cache key analysis - look for missing user identification
grep -rniE "proxy_cache_key" --include="*.conf"

# Caching authenticated responses (CRITICAL if no Vary header)
grep -rniE "proxy_cache_valid\s+200" --include="*.conf"
```

#### Varnish Cache Configuration

```bash
# VCL cache rules
grep -rniE "vcl_recv|vcl_hash|vcl_backend_response" --include="*.vcl"

# Static extension caching
grep -rniE "req\.url.*\.(css|js|png|jpg|jpeg|gif|ico)" --include="*.vcl"

# Cache TTL settings
grep -rniE "set beresp\.ttl|beresp\.grace" --include="*.vcl"
```

#### Apache/mod_cache

```bash
# mod_cache configuration
grep -rniE "CacheEnable|CacheRoot|CacheMaxExpire" --include="*.conf" --include=".htaccess"

# Cache for specific paths
grep -rniE "CacheEnable.*disk" --include="*.conf"
```

#### CDN/Cloud Configurations

```bash
# Cloudflare/AWS CloudFront
grep -rniE "cache.*control|edge.*cache|cdn.*cache|cloudfront|cloudflare" --include="*.json" --include="*.yaml" --include="*.yml"

# Cache-Control headers
grep -rniE "Cache-Control|max-age|s-maxage|public|private" --include="*.go" --include="*.py" --include="*.java" --include="*.ts" --include="*.php"
```

---

## Cache Key Manipulation

### Detection Patterns

```bash
# Host header in requests (potential cache key manipulation)
grep -rniE "Host.*header|getHeader.*Host|X-Forwarded-Host|X-Original-Host" --include="*.go" --include="*.py" --include="*.java" --include="*.ts" --include="*.php"

# Query parameter handling
grep -rniE "query.*param|request\.query|getQueryString" --include="*.go" --include="*.py" --include="*.java" --include="*.ts" --include="*.php"

# Cache key includes query string?
grep -rniE "proxy_cache_key.*query|CacheKeyQueryString" --include="*.conf" --include="*.vcl"
```

### Cache Key Injection via Headers

```bash
# X-Forwarded-* headers that might be in cache key
grep -rniE "X-Forwarded-Host|X-Forwarded-Scheme|X-Forwarded-Proto" --include="*.conf" --include="*.go" --include="*.py"

# Unkeyed headers that affect response
grep -rniE "X-Original-URL|X-Rewrite-URL" --include="*.conf" --include="*.go" --include="*.py"
```

---

## SSRF + Cache Poisoning Chain

### Overview

When SSRF response is not directly returned to attacker:
1. Make SSRF request to `/sensitive-endpoint.png`
2. Proxy caches the response (thinks it's static)
3. Attacker requests same path
4. Gets cached sensitive data

### Detection Patterns

```bash
# SSRF endpoints that make internal requests
grep -rniE "requests\.get|http\.Get|fetch\(|axios\.|urllib" --include="*.py" --include="*.go" --include="*.js" --include="*.ts"

# User-controlled URLs in SSRF
grep -rniE "url.*=.*request|uri.*=.*request|callback.*=.*request" --include="*.py" --include="*.go" --include="*.js" --include="*.ts"

# Check if proxy caches the response path
grep -rniE "proxy_cache|cache_valid" -B5 -A5 --include="*.conf"
```

### Verification Checklist for SSRF + Cache

- [ ] Can attacker control part of the request path?
- [ ] Does proxy cache responses based on path/extension?
- [ ] Can attacker add file extension to bypass cache rules?
- [ ] Is there a timing window to retrieve cached response?

---

## Path Extension Abuse

### Overview

Many caches use file extension to determine cacheability:
- `/api/user/profile` - NOT cached (dynamic)
- `/api/user/profile.png` - CACHED (static file)

If the application ignores the extension and serves the same content, this enables cache deception.

### Detection Patterns

```bash
# Flask/Django wildcard routes
grep -rniE "route.*<path:|path:subpath|<.*:.*>" --include="*.py"

# Express catch-all routes
grep -rniE "app\.get\('\*'|router\.get\('\*'|\.use\('\/'," --include="*.js" --include="*.ts"

# Nginx location blocks that proxy regardless of extension
grep -rniE "location\s+/|location\s+~" -A10 --include="*.conf" | grep -iE "proxy_pass"

# Check if routes handle extensions gracefully (ignore them)
grep -rniE "\.split\('\.\'\)|path\.extname|endswith|path.*extension" --include="*.py" --include="*.go" --include="*.js" --include="*.ts"
```

---

## Response Caching of Authenticated Content

### Detection Patterns

```bash
# Missing Vary header (should include Authorization/Cookie)
grep -rniE "Vary.*header|add_header.*Vary" --include="*.conf" --include="*.go" --include="*.py"

# Cache-Control: private not set for authenticated endpoints
grep -rniE "@login_required|@jwt_required|isAuthenticated|requireAuth" -A20 --include="*.py" --include="*.go" --include="*.js" --include="*.ts" | grep -iE "cache|response"

# Session/Cookie in cached responses
grep -rniE "Set-Cookie.*Cache|Cache-Control.*Set-Cookie" --include="*.conf" --include="*.py" --include="*.go"
```

### Proper Cache Headers for Authenticated Content

```
Cache-Control: private, no-store, must-revalidate
Vary: Authorization, Cookie
```

---

## CDN-Specific Patterns

### Cloudflare

```bash
# Page Rules caching
grep -rniE "page.*rules|cache.*level|cache.*everything" --include="*.json" --include="*.tf"

# Bypass cache
grep -rniE "bypass.*cache|cache\.bypass" --include="*.json"
```

### AWS CloudFront

```bash
# Cache behaviors
grep -rniE "CacheBehavior|DefaultCacheBehavior|CachePolicyId" --include="*.json" --include="*.yaml" --include="*.tf"

# Origin request policy
grep -rniE "OriginRequestPolicy|ForwardedValues" --include="*.json" --include="*.yaml"
```

### Fastly/Akamai

```bash
# VCL snippets
grep -rniE "snippet|vcl_recv|vcl_hash" --include="*.vcl" --include="*.json"

# Edge logic
grep -rniE "edge.*cache|surrogate.*key" --include="*.json" --include="*.yaml"
```

---

## Framework-Specific Checks

### Django

```bash
# Cache framework usage
grep -rniE "django\.core\.cache|@cache_page|CACHES\s*=" --include="*.py"

# Vary header decorator
grep -rniE "@vary_on_headers|@vary_on_cookie" --include="*.py"
```

### Express/Node.js

```bash
# Express static middleware
grep -rniE "express\.static|serve-static|maxAge" --include="*.js" --include="*.ts"

# Cache headers in responses
grep -rniE "res\.set.*Cache|setHeader.*Cache" --include="*.js" --include="*.ts"
```

### Spring Boot

```bash
# Cache annotations
grep -rniE "@Cacheable|@CacheEvict|@CachePut" --include="*.java"

# Spring Cache configuration
grep -rniE "spring\.cache|CacheManager|EhCache|Redis" --include="*.properties" --include="*.yaml"
```

### Go

```bash
# HTTP caching libraries
grep -rniE "httpcache|groupcache|bigcache" --include="*.go"

# Cache-Control headers
grep -rniE "Cache-Control|w\.Header\(\)\.Set" --include="*.go"
```

---

## Cross-Layer Analysis

### Verification Steps

When analyzing cache vulnerabilities, check all layers:

1. **Application Layer**
   - Does app handle path extensions?
   - What data is in authenticated responses?
   - Are Cache-Control headers set?

2. **Proxy Layer (Nginx/HAProxy)**
   - What paths are cached?
   - How is cache key constructed?
   - What's the cache TTL?

3. **CDN Layer (Cloudflare/CloudFront)**
   - Page rules / cache behaviors
   - Origin cache settings
   - Cache key configuration

### Command to Check Full Stack

```bash
# Find all config files
find . -name "*.conf" -o -name "*.vcl" -o -name "nginx*" -o -name "*cloudfront*" -o -name "*cdn*" 2>/dev/null | head -20

# Check for cache configuration across all layers
grep -rniE "cache|proxy_cache|vcl_|CDN|cloudfront|cloudflare" --include="*.conf" --include="*.vcl" --include="*.json" --include="*.yaml" --include="*.tf"
```

---

## Exploitation Checklist

When cache vulnerabilities are found:

- [ ] Identify what content can be cached
- [ ] Determine if authenticated responses are cacheable
- [ ] Find a way to make victim visit poisoned URL
- [ ] Check cache TTL to understand exploitation window
- [ ] Verify cache key doesn't include session identifiers
- [ ] Test path extension abuse (add `.css`, `.png`, `.js`)
- [ ] Check for unkeyed headers that affect response

---

## Example Attack Scenarios

### Scenario 1: SSRF + Cache Deception (CDNio Pattern)

```
1. SSRF allows bot to visit internal URLs as admin
2. Nginx caches /*.png for 3 minutes
3. Make bot visit /profile.png (admin profile)
4. Request /profile.png → Get cached admin data
```

### Scenario 2: Path Confusion

```
1. App serves /api/user regardless of extension
2. CDN caches /api/user.css (thinks it's static)
3. Attacker requests /api/user.css
4. Gets user profile from cache
```

### Scenario 3: Host Header Poisoning

```
1. Cache key includes Host header
2. Inject X-Forwarded-Host: evil.com
3. Response contains evil.com URLs
4. Cache serves poisoned response to all users
```

---

## Remediation

### Nginx

```nginx
# Don't cache authenticated responses
location ~* \.(css|js|png|jpg)$ {
    proxy_cache cache;
    proxy_cache_valid 200 3m;
    # Add this to prevent caching authenticated responses
    proxy_cache_bypass $http_authorization $cookie_session;
    proxy_no_cache $http_authorization $cookie_session;
}
```

### Application

```python
# Set proper cache headers for authenticated endpoints
@app.route('/profile')
@jwt_required
def profile():
    response = make_response(jsonify(user_data))
    response.headers['Cache-Control'] = 'private, no-store'
    response.headers['Vary'] = 'Authorization'
    return response
```

### CDN

- Include Authorization/Cookie in cache key
- Use "Cache-Control: private" for authenticated content
- Set appropriate cache behaviors per path pattern

---

## CWE References

| CWE | Name | Example |
|-----|------|---------|
| CWE-524 | Sensitive Info in Cache | Authenticated data cached |
| CWE-525 | Browser Cache Sensitive Info | Secrets in browser cache |
| CWE-444 | HTTP Request Smuggling | Cache poisoning via smuggling |
| CWE-436 | Interpretation Conflict | Path extension confusion |

Related Skills

Workspace Discovery

14
from allsmog/vuln-scout

This skill should be used when the user asks to "detect workspaces", "find packages", "list monorepo packages", "workspace structure", "monorepo analysis", or needs to identify workspace/package boundaries in a codebase for focused security analysis.

vulnerability-chains

14
from allsmog/vuln-scout

This skill should be used when the user asks about "vulnerability chains", "chained exploits", "multi-step attacks", "SSRF to RCE", "pivot attacks", or needs to identify how vulnerabilities in different components can be combined during whitebox security review.

Vulnerability Patterns

14
from allsmog/vuln-scout

This skill should be used when the user asks about "vulnerability patterns", "how to find SQL injection", "XSS patterns", "command injection techniques", "OWASP vulnerabilities", "common web vulnerabilities", "exploitation patterns", or needs to understand how specific vulnerability classes work during whitebox security review.

Threat Modeling

14
from allsmog/vuln-scout

This skill should be used when the user asks about "threat model", "STRIDE", "data flow diagram", "attack surface", "threat analysis", "security architecture", "component threats", "trust boundaries", "technology decomposition", or needs systematic threat identification during whitebox security review.

verify-finding

14
from allsmog/vuln-scout

Drive a single finding through CPG verification and false-positive triage.

start-audit

14
from allsmog/vuln-scout

Guided first-run security audit: doctor, scope, threats, scan, verify, report.

scope-repo

14
from allsmog/vuln-scout

Decide audit boundaries for large or monorepo targets and write audit-plan.md.

review-pr

14
from allsmog/vuln-scout

Diff-aware PR security review with verified findings and PR comment payload.

package-evidence

14
from allsmog/vuln-scout

Bundle findings, reports, audit plan, and ledger into one evidence zip.

Sensitive Data Leakage

14
from allsmog/vuln-scout

Detect ANY credential/secret flowing to ANY output sink. Use when asked about "credential leakage", "secret logging", "sensitive data exposure", "CWE-532", "password in logs", "token exposure", or security logging issues.

Security Misconfiguration

14
from allsmog/vuln-scout

This skill should be used when the user asks about "security misconfiguration", "default credentials", "debug mode", "security headers", "exposed endpoints", "TLS configuration", or needs to find configuration-related vulnerabilities during whitebox security review.

Secret Scanning

14
from allsmog/vuln-scout

This skill should be used when the user asks about "secret scanning", "find secrets", "hardcoded credentials", "leaked API keys", "git history secrets", "credential scanning", "detect passwords in code", or needs to identify secrets and credentials in source code or git history during whitebox security review.