Apple Hall Of Fame for a Small Misconfiguration || Unauth Cache Purging

Hello guys👋👋 ,Prajit here from the BUG XS Team , recently I got acknowledgement for reporting a valid issue on Apple Program. So that bug is called Unauth Cache Purging. So let us take look at some of the important concepts which are important to understand the vulnerability.

What are Caches?

Caching is a process that stores multiple copies of data or files in a temporary storage location /cache, so they can be accessed faster. It temporarily saves data for software applications, servers, and web browsers, which ensures users need not download information every time they access a website or application.

Let me give you an example, so if you are visiting a website for the first time, it loads image, fonts, files, etc from the server. Now if this is being done each time you visit a website, it increases the request traffic to the server, so instead to avoid this situation, caches are used. So now whenever you are visiting a website for the first time it loads the image , fonts, etc and as well as copies these content in a file on your system. So now anytime if you visit the website again, rather than making request to server, it retrieves the information from the caches in your system itself. Hence this would be helpful to reduce traffic on server as well as on client side, website will load much faster.

Cache Working Visual Representation-1

Cache Working Visual Representation-2

Now, the above two images might have made it clear, what is cache, how are the used and why are the useful. Now let’s move on to the next concept…

What is Cache Purge Request?

Cache Purge means to delete the stored caches. So if you purge the cache, it means the next time you visit that website, it will generate the page by pulling info from the database (the original method). Then, it will recopy the page again to create a new cache.

The Cache Purge request, simply allows users to delete any cached resource. Now let use move to the main vulnerability…

Unauthenticated Cache Purge

Description: If the Purge request is available to any user, even those who are not authenticated, they can delete/invalidate the caches stored at certain resource. This can lead to increased bandwidth costs and degraded application performance. Allowing anonymous users to purge cache could be used to maliciously degrade performance.

How to Perform: Simply give the curl command: curl -X PURGE https://target.com

If it is vulnerable it will look like this:

Vulnerable

If it is not vulnerable, it will look like this:

Not Vulnerable

Mitigation: Disallow cache purge requests or limit to authenticated users only.

Report/Reference: https://hackerone.com/reports/154278

So this is all about this write-up, hope you liked it, if you found this informative, do not forget to clap👏 and do let me know if you have any doubts✌️.

Thanks For Reading😊

Profile Links:

Twitter: https://twitter.com/SAPT01

LinkedIn: https://www.linkedin.com/in/prajit-sindhkar-3563b71a6/

Instagram: https://instagram.com/prajit_01?utm_medium=copy_link

BUG XS Official Website: https://www.bugxs.co/