26:14 the callback parameter was cache key and both ROR & CDN caches are splitting the parameters with & and ; . So why didn't the CDN notice that the callback parameter is different from the UTM_content parameter? So the CDN cache key for callback didn't even notice that the same cache key parameter is repeating a second time? Why wasn't it like callback(keyed)&(unkeyed); callback(keyed).
What the hell? Cloudflare of all services doesn't think the unkeyed port param cache poisoning is an issue? What drugs are they taking, leaving in a vulnerability like that? I'm honestly baffled. Anyway thanks for the research man, this is some truly top quality stuff
@albinowax you're the most awesome hacker. And your talks are always top notch.
The best video on this topic so far
Thank you so much, sir!
Thanks James, always mind-blowing!!!!!!
Good stuff but what about Cloudfront?
Thank you for what you do
Very helpful, like always) thank you so much
Awesome Research
Awesome! thanks James!
A gif is needed to be made from 42:40 :D
Amazing !!!
Thank you so much for sharing your great knowledge with us, thank you sir
"for my next trick"
Dope %amazing masterpiece
That's good. Thank you
love you sir
True Legend !
To let's go kick the cache with method of albinowax
Thank you. Always as a crack.
good job :)
First comment, love James's research
Yo boss
100th like