Cached and Confused - Web Cache Deception in the Wild

Offered By: HackerOne via YouTube

Course Description

Overview

Explore the intricacies of Web Cache Deception (WCD) and Path Confusion attacks in this 31-minute conference talk from h@cktivitycon 2020. Delve into new exploitation techniques that arise from semantic disconnects among framework-independent web technologies, where different components interpret the same URL path differently. Learn about the effectiveness of Path Confusion in WCD attacks and discover why this technique was voted the top web hacking technique of 2019. Examine the large-scale analysis of WCD vulnerabilities on high-profile sites, and understand why remediating path confusion issues is complex. Gain insights into areas where researchers and bug hunters can apply new attack vectors through various path confusion techniques. Topics covered include web cache technologies, URL structures, path parameters, URL encoding, and practical attack scenarios for both authenticated and unauthenticated attackers.

Syllabus

Intro
Web Cache Technologies
Web Cache Behavior
URL 101
Traditional vs Clean URL
Path Confusion 101
Basic Path Confusion (with Path Parameter)
Basic Web Cache Deception
URL Encoding
Path Confusion with Encoded ?
Effectiveness of Encoding
Practical Attack Scenarios
Authenticated vs. Unauthenticated Attacker
Cache Location
Cache Expiration
Cache Configuration

Taught by

HackerOne
