Open marcelo321 opened 3 months ago
Hey @marcelo321 , did you find this out? It's first time I'm running this and got this:
Do we hae to link CSS files, or how does one see how the tool performs CSS poisoning, how it differs from the other tests?
WCVS searches responses for linked CSS files. It is not possible to directly link CSS files. CSS files are mostly static but there may be occasions where CSS files reflect the requests URL. WCVS checks if that is the case and if true whether it's possible to poison the cache with an arbitrary URL. That is the only check for CSS files.
Hey @marcelo321 , did you find this out? It's first time I'm running this and got this:
The website you are scanning returns Cf-Cache-Status: DYNAMIC. This means, that the response is not eligible for caching. Hence, wcvs will not test for web cache poisoning (unless you force it to with -f/-force). However, it is trying to achieve web cache deception. This means that it is trying to manipulate the request in order for the response to get cached. It is doing this by trying to trick the Cache Proxy into thinking that a css files is requested. That is because css files will be cached most of the times. The status codes 400 and 444 mean that the Cache Proxy could not be tricked.
@m10x Thank you so much for your great explanation and the tool 🙏
Do we hae to link CSS files, or how does one see how the tool performs CSS poisoning, how it differs from the other tests?