Apple Hall Of Fame for a Small Misconfiguration || Unauth Cache Purging

Hello guys👋👋 ,Prajit here from the BUG XS Team , recently I got acknowledgement for reporting a valid issue on Apple Program. So that bug is called Unauth Cache Purging. So let us take look at some of the important concepts which are important to understand the vulnerability.

What are Caches?

Let me give you an example, so if you are visiting a website for the first time, it loads image, fonts, files, etc from the server. Now if this is being done each time you visit a website, it increases the request traffic to the server, so instead to avoid this situation, caches are used. So now whenever you are visiting a website for the first time it loads the image , fonts, etc and as well as copies these content in a file on your system. So now anytime if you visit the website again, rather than making request to server, it retrieves the information from the caches in your system itself. Hence this would be helpful to reduce traffic on server as well as on client side, website will load much faster.

Cache Working Visual Representation-1
Cache Working Visual Representation-2

Now, the above two images might have made it clear, what is cache, how are the used and why are the useful. Now let’s move on to the next concept…

What is Cache Purge Request?

The Cache Purge request, simply allows users to delete any cached resource. Now let use move to the main vulnerability…

Unauthenticated Cache Purge

How to Perform: Simply give the curl command: curl -X PURGE https://target.com

If it is vulnerable it will look like this:

Vulnerable

If it is not vulnerable, it will look like this:

Not Vulnerable

Mitigation: Disallow cache purge requests or limit to authenticated users only.

Report/Reference: https://hackerone.com/reports/154278

So this is all about this write-up, hope you liked it, if you found this informative, do not forget to clap👏 and do let me know if you have any doubts✌️.

Thanks For Reading😊

Profile Links:

Twitter: https://twitter.com/PrajitSindhkar?s=08

LinkedIn: https://www.linkedin.com/in/prajit-sindhkar-3563b71a6/

Instagram: https://instagram.com/prajit_01?utm_medium=copy_link

BUG XS Official Website: https://www.bugxs.co/

I am a India Based Security Researcher, Bugcrowd Top 500 Hacker and Bug Bounty Leader of the BUGXS Community