cache-poisoning

7 articles
Sort: New Top Best
clear filter
bug-bounty625 facebook446 xss316 google124 rce106 microsoft73 csrf60 account-takeover55 web355 writeup50 apple46 malware45 sqli41 exploit41 privilege-escalation35 ssrf35 cve34 dos34 cloudflare29 defi28 phishing26 smart-contract-vulnerability25 access-control25 ethereum24 smart-contract24 clickjacking24 idor24 subdomain-takeover24 vulnerability-disclosure23 remote-code-execution21 auth-bypass19 lfi19 node18 race-condition17 authentication-bypass15 cors15 solidity15 reverse-engineering15 cloud15 oauth14 aws14 react13 web-security12 info-disclosure12 supply-chain12 sql-injection12 delegatecall11 web-application-security11 denial-of-service11 browser11
0 9/10
Breaking GitHub Private Pages for $35k
vulnerability

A multi-stage vulnerability in GitHub's private pages authentication flow combining CRLF injection, null byte parsing bypass, and cookie prefix case-sensitivity to achieve XSS and cache poisoning on private organization pages. The attack exploited case-insensitive cookie handling to bypass __Host- prefix protections and nonce fixation to achieve unauthenticated arbitrary code execution.

xss crlf-injection authentication-bypass cookie-security cache-poisoning github-pages null-byte-injection prefix-bypass nonce-fixation bug-bounty private-disclosure
GitHub HackerOne ginkoid $35,000 bounty github.io pages-auth.github.com
robertchen.cc · kh4sh3i/bug-bounty-writeups · 3 hours ago · details
0
Automate Cache Poisoning Vulnerability - Nuclei
vulnerability
cache-poisoning
blog.melbadry9.xyz · kh4sh3i/bug-bounty-writeups · 3 hours ago · details
0
Poisoning your Cache for 1000$ - Approach to Exploitation Walkthrough
vulnerability
cache-poisoning
galnagli.com · kh4sh3i/bug-bounty-writeups · 3 hours ago · details
0
Cache Poisoning DoS
vulnerability
cache-poisoning dos
iustin24.github.io · kh4sh3i/bug-bounty-writeups · 3 hours ago · details
0
Chaining caache poisining to stored XSS
vulnerability
cache-poisoning xss
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details
0
Fixing request smuggling vulnerabilities in Pingora OSS deployments
vulnerability
bug-bounty cache-poisoning cloudflare cve exploit node request-smuggling
CVE-2026-2833 CVE-2026-2835 CVE-2026-2836
blog.cloudflare.com · Edward Wang · 3 days ago · details