Top Web Cache reports from HackerOne:

  1. DoS on PayPal via web cache poisoning to PayPal - 820 upvotes, $9700
  2. Web cache poisoning attack leads to user information and more to Postmates - 343 upvotes, $500
  3. Web Cache Poisoning leads to Stored XSS to Glassdoor - 111 upvotes, $0
  4. Defacement of catalog.data.gov via web cache poisoning to stored DOMXSS to GSA Bounty - 80 upvotes, $750
  5. https://themes.shopify.com::: Host header web cache poisoning lead to DoS to Shopify - 73 upvotes, $2900
  6. web cache deception in https://tradus.com lead to name/user_id enumeration and other info to OLX - 61 upvotes, $0
  7. Web Cache Poisoning leads to XSS and DoS to Glassdoor - 59 upvotes, $0
  8. CSRF-tokens on pages without no-cache headers, resulting in ATO when using CloudFlare proxy (Web Cache Deception) to Discourse - 51 upvotes, $0
  9. Web Cache Deception to Glassdoor - 51 upvotes, $0
  10. Web cache deception attack on https://open.vanillaforums.com/messages/all to Vanilla - 47 upvotes, $150
  11. [https://www.glassdoor.com] - Web Cache Deception Leads to gdtoken Disclosure to Glassdoor - 47 upvotes, $0
  12. Web Cache Deception Attack (XSS) to Discourse - 36 upvotes, $256
  13. Web cache poisoning leads to disclosure of CSRF token and sensitive information to Smule - 35 upvotes, $0
  14. Web Cache Deception vulnerability on algolia.com leads to personal information leakage to Algolia - 34 upvotes, $400
  15. Web Cache Poisoning on █████ to U.S. Dept Of Defense - 33 upvotes, $0
  16. Web Cache poisoning attack leads to User information Disclosure and more to Lyst - 30 upvotes, $0
  17. Shopify.com Web Cache Deception vulnerability leads to personal information and CSRF tokens leakage to Shopify - 29 upvotes, $800
  18. Web cache information leakage at sbermarket.ru to Mail.ru - 22 upvotes, $400
  19. https://help.nextcloud.com::: Web cache poisoning attack to Nextcloud - 22 upvotes, $0
  20. [*.rocketbank.ru] Web Cache Deception & XSS to QIWI - 21 upvotes, $0
  21. Web Cache Deception Attack (XSS) to Algolia - 21 upvotes, $0
  22. HTTP request smuggling on Basecamp 2 allows web cache poisoning to Basecamp - 20 upvotes, $1700
  23. Web Cache Poisoning to Mail.ru - 17 upvotes, $0
  24. Web cache poisoning at www.acronis.com to Acronis - 17 upvotes, $0
  25. Web cache deception attack - expose token information to Chaturbate - 15 upvotes, $0
  26. Web Cache Poisoning leading to DoS to U.S. General Services Administration - 15 upvotes, $0
  27. Several domains on kaspersky.com are vulnerable to Web Cache Deception attack to Kaspersky - 14 upvotes, $0
  28. [okmedia.insideok.ru] Web Cache Poisoning & XSS to ok.ru - 13 upvotes, $0
  29. Information Leakage via TikTok Ads Web Cache Deception to TikTok - 11 upvotes, $0
  30. Web cache deception attack - expose earning state information to Semrush - 3 upvotes, $0