![Nischal Karki Profile](https://pbs.twimg.com/profile_images/1854954037608579072/7ug0zl74_x96.jpg)
Nischal Karki
@nischalxd
Followers: 260
Following: 12K
Statuses: 200
@MiniMjStar I think reading the full article is better than watching the presentation. In the research paper, everything is explained in detail.
1
0
2
@MiniMjStar The cache server has to normalize the path before taking it into the cache key and forward it to the origin server with dot segments. The origin server will return 404 since it doesn't do any normalization for the DS, which will poison the path with or without DS.
2
0
3
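The mismatch described in the reply above, modelled as an added example (not code from the tweet author): a toy in-memory cache whose key is the dot-segment-normalized path while the raw path is forwarded to an origin that does exact-match lookups. The file path, the origin, the cache and all request paths are constructed for the demonstration. The same model shows two defender-side fixes: forward the canonical path upstream so key and origin agree, or refuse to cache error responses.

```python
"""Cache-key normalization mismatch and its mitigations, as a constructed model."""


def remove_dot_segments(path: str) -> str:
    """Remove '.' and '..' segments from an absolute path (RFC 3986 section 5.2.4 style)."""
    out = []
    for seg in path.split("/"):
        if seg == "..":
            if len(out) > 1:  # never pop the leading "" that stands for the root
                out.pop()
        elif seg != ".":
            out.append(seg)
    return "/".join(out) or "/"


class Origin:
    """Origin that does exact-match lookups and never normalizes the request path."""

    def __init__(self, files: dict) -> None:
        self.files = files

    def handle(self, path: str) -> tuple:
        if path in self.files:
            return 200, self.files[path]
        return 404, "not found"


class Cache:
    """Caching proxy whose behaviour is controlled by three switches."""

    def __init__(self, origin: Origin, *, normalize_key: bool,
                 forward_normalized: bool, cache_errors: bool) -> None:
        self.origin = origin
        self.normalize_key = normalize_key
        self.forward_normalized = forward_normalized
        self.cache_errors = cache_errors
        self.store = {}

    def handle(self, raw_path: str) -> tuple:
        canonical = remove_dot_segments(raw_path)
        key = canonical if self.normalize_key else raw_path
        if key in self.store:
            status, body = self.store[key]
            return status, body, "HIT"
        # The risky configuration forwards the raw path while keying on the canonical one.
        upstream_path = canonical if self.forward_normalized else raw_path
        status, body = self.origin.handle(upstream_path)
        if status == 200 or self.cache_errors:
            self.store[key] = (status, body)
        return status, body, "MISS"


def status_seen_by_normal_user(*, normalize_key: bool, forward_normalized: bool,
                               cache_errors: bool) -> tuple:
    """Send one dot-segment request, then a clean request, and report what the clean one gets."""
    origin = Origin({"/static/app.js": "console.log('app')"})  # constructed static asset
    cache = Cache(origin, normalize_key=normalize_key,
                  forward_normalized=forward_normalized, cache_errors=cache_errors)
    cache.handle("/static/../static/app.js")  # constructed request carrying dot segments
    status, _body, source = cache.handle("/static/app.js")
    return status, source


if __name__ == "__main__":
    print("vulnerable:     ", status_seen_by_normal_user(
        normalize_key=True, forward_normalized=False, cache_errors=True))
    print("forward canonical:", status_seen_by_normal_user(
        normalize_key=True, forward_normalized=True, cache_errors=True))
    print("no error caching: ", status_seen_by_normal_user(
        normalize_key=True, forward_normalized=False, cache_errors=False))
```

In the first configuration the clean request is served a cached 404; either mitigation restores the 200, and a real deployment should apply both, since a cache that stores error responses is exposed to any other header or path discrepancy as well.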
@MiniMjStar Yeah. Some programs don't consider CPDoS a threat when it affects static resources only. But it is actually a really serious threat and can easily make a website unresponsive. Most programs do accept them.
1
0
2
@MiniMjStar Try doing it manually. You will learn a lot of things, and it will be easy to find different exploit chains after spending a good amount of time with the target. Automation will miss a heck of a lot of things.
1
0
2
@MiniMjStar It was an example. Some applications use custom headers to make arbitrary changes to certain files. It can be JS, CSS or images etc. And if it is not included in the cache key, you can pretty much exploit it for DoS.
1
0
2
@MiniMjStar Nope. I think manually looking for such issues is more reliable since there can be lots of ways to check for such issues, and it also depends on the application how they treat such discrepancies.
1
0
2
@addydaddymc Sometimes an application might disclose it in response headers or in JS files. When you see any application using a weird response header, just try that header in the request and observe if it is doing anything with the response. And of course, if you can cache the malformed response.
0
0
5
@ParamJani21 Thanks buddy. It was just a simple ffuf command, nothing really interesting. I just fuzzed the most vulnerable headers and wrote a script to filter out all cacheable domains and also checked if they are vulnerable to cache poisoning issues.
0
0
7
@moe1n1 Don't tell me you have waited a year to receive bounties as well. I have a few pending bounties from months ago and still haven't gotten them.
1
0
0