Web Cache Decpetion

Everything is from portswigger

Burp Suite delimiter list: https://portswigger.net/web-security/web-cache-deception/wcd-lab-delimiter-list

In case of decoding discrepenacies:

for delimeter

Make sure that you also test encoded non-printable characters, particularly %00, %0A and %09. If these characters are decoded they can also truncate the URL path.

for path

/static/..%2fprofile

PreviousAPI testing NextCORS

Last updated 2 months ago