Apple Hall Of Fame for a Small Misconfiguration || Unauth Cache Purging

What are Caches?

Caching is a process that stores copies of data or files in a temporary storage location (the cache) so they can be accessed faster. It temporarily saves data for software applications, servers, and web browsers, so users need not download the same information every time they access a website or application.

[Figures: Cache Working Visual Representation 1 and 2]

What is Cache Purge Request?

A cache purge deletes the stored cached copies. After you purge the cache, the next visit to that page is served by regenerating it from the database (the original, uncached method), and the page is then copied into the cache again.

Unauthenticated Cache Purge

Description: If the purge request is available to any user, including those who are not authenticated, anyone can delete/invalidate the caches stored for a given resource. This leads to increased bandwidth costs and degraded application performance, because every purged page has to be regenerated at the origin. Allowing anonymous users to purge the cache can therefore be abused to deliberately degrade performance.
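To make the cost of the misconfiguration concrete, here is an added example (not from the original post, and not any real CDN or proxy API) that models a tiny caching layer with a purge operation. `CachingProxy`, `purge_is_unauthenticated` and `origin_load` are hypothetical names constructed for this illustration. The same model runs once with the purge endpoint open to anyone and once with it requiring a token, and counts how many times the origin has to regenerate the page.

```python
import hmac
from typing import Dict, Optional


class CachingProxy:
    """Minimal caching layer in front of an origin, with a PURGE operation.

    Hypothetical model built for this example; it is not a real CDN or proxy
    API. `purge_token` is the credential the purge endpoint demands; None
    means purging is open to anyone (the misconfiguration discussed above).
    """

    def __init__(self, purge_token: Optional[str] = None) -> None:
        self.purge_token = purge_token
        self.cache: Dict[str, str] = {}
        self.origin_fetches = 0  # each origin hit costs bandwidth and CPU

    def _origin(self, path: str) -> str:
        # Stand-in for "pull the page from the database" (constructed response).
        self.origin_fetches += 1
        return f"<html>page for {path}</html>"

    def get(self, path: str) -> str:
        # Cache hit serves the stored copy; a miss regenerates and stores it.
        if path not in self.cache:
            self.cache[path] = self._origin(path)
        return self.cache[path]

    def purge(self, path: str, token: Optional[str] = None) -> int:
        # Returns an HTTP-style status code.
        if self.purge_token is not None:
            # Constant-time comparison so the check does not leak the token via timing.
            if token is None or not hmac.compare_digest(token, self.purge_token):
                return 401
        self.cache.pop(path, None)
        return 200


def purge_is_unauthenticated(proxy: CachingProxy) -> bool:
    """Audit check: does a purge with no credential succeed?"""
    proxy.get("/probe")  # make sure something is cached first
    return proxy.purge("/probe") == 200


def origin_load(proxy: CachingProxy, requests: int) -> int:
    """Serve `requests` GETs for one path while an anonymous client attempts a
    purge before every request. Returns how many times the origin was hit."""
    for _ in range(requests):
        proxy.purge("/index.html")  # anonymous: no token supplied
        proxy.get("/index.html")
    return proxy.origin_fetches


if __name__ == "__main__":
    open_proxy = CachingProxy()  # purge endpoint open to anyone
    locked_proxy = CachingProxy(purge_token="example-purge-token")  # constructed secret
    print("open purge is unauthenticated:", purge_is_unauthenticated(CachingProxy()))
    print("origin hits, open purge:  ", origin_load(open_proxy, 100))
    print("origin hits, locked purge:", origin_load(locked_proxy, 100))
```

With the purge endpoint open, every one of the 100 requests reaches the origin because the anonymous purge empties the cache each time; with a token required, the origin is hit once and the remaining 99 requests are cache hits. The `purge_is_unauthenticated` check is the kind of self-audit a team can run against its own caching layer: if a purge with no credential returns success, the configuration needs to be restricted to authenticated, authorized clients.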

[Screenshots: Vulnerable / Not Vulnerable]

Prajit Sindhkar


I am an India-based Security Researcher, Bugcrowd Top 500 Hacker and Bug Bounty Leader of the BUGXS Community