Denial Of Service via Cache Poisoning - It’s ToxiC

Summary :

Denial Of Service :

Denial-of-Service (DoS) is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash. In both instances, the DoS attack deprives legitimate users of the service or resource they expected.

Cache Poisoning :

Web cache poisoning is an advanced technique whereby an attacker exploits the behavior of a web server and cache so that a harmful HTTP response is served to other users.

The cache key only includes the highlighted values, so anyone who subsequently tries to access that URL gets a cache hit and receives the "This site can’t be reached" response with the error “ERR_UNSAFE_PORT”.

This vulnerability can be exploited in many variations, e.g. using X-Forwarded-Port, X-Forwarded-SSL, Transfer-Encoding, etc.

1. X-Forwarded-Port :

The X-Forwarded-Port header could be used to persistently poison a redirect with an invalid port, causing a timeout for everyone trying to access the website.

2. X-Forwarded-SSL :

On some websites you can use the X-Forwarded-SSL header to overwrite certain pages with a response saying ‘Contradictory scheme headers’.

3. Transfer-Encoding :

You could break core functionality by using an invalid Transfer-Encoding header, which will give you the message ‘501 Not Implemented’. Transfer-Encoding can also be used to overwrite arbitrary pages.
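Why the X-Forwarded-Port variant persists, and two edge-side fixes, shown as an added example that is not code from the original post. The origin, the `EdgeCache` class and the host `example.test` are constructed for illustration; the sketch compares a cache that ignores the header, one that adds it to the cache key, and one that strips it before forwarding.

```python
# Added illustration: a toy origin and shared cache, not code from the post.
FORWARDING = ("x-forwarded-port", "x-forwarded-ssl", "x-forwarded-host")

def origin(path, headers):
    """Constructed origin that trusts X-Forwarded-Port when building a redirect."""
    port = headers.get("x-forwarded-port", "443")
    authority = "example.test" if port == "443" else "example.test:" + port
    return 301, "https://" + authority + path + "/"

class EdgeCache:
    def __init__(self, keyed=(), strip=()):
        self.keyed = keyed    # header names added to the cache key
        self.strip = strip    # header names removed before forwarding
        self.store = {}

    def fetch(self, path, headers=None):
        hdrs = {k.lower(): v for k, v in (headers or {}).items()}
        hdrs = {k: v for k, v in hdrs.items() if k not in self.strip}
        key = (path,) + tuple(hdrs.get(h) for h in self.keyed)
        if key not in self.store:          # miss: ask origin, store the answer
            self.store[key] = origin(path, hdrs)
        return self.store[key]             # hit: headers are never re-examined

def later_visitor_sees(cache):
    """One request carrying the header, then a plain request for the same path."""
    cache.fetch("/en", {"X-Forwarded-Port": "123"})
    return cache.fetch("/en")

def compare():
    return {
        "unkeyed": later_visitor_sees(EdgeCache()),
        "keyed": later_visitor_sees(EdgeCache(keyed=FORWARDING)),
        "stripped": later_visitor_sees(EdgeCache(strip=FORWARDING)),
    }

if __name__ == "__main__":
    for config, (status, location) in compare().items():
        print(f"{config:9s} {status} Location: {location}")
```

Only the unkeyed configuration hands the later visitor the redirect to port 123; keying on the header isolates that response to requests that sent it, and stripping the header keeps it from reaching the origin at all.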

How to find this vulnerability ?

  1. Go to your terminal and type this command

Command : curl -H 'X-Forwarded-Port: 123'


2. Then try to load in your browser

Cached Page

3. You can also use the X-Forwarded-Host header:
curl -H 'X-Forwarded-Host:'


How to find this vulnerability using Transfer-Encoding header ?

  1. Go to the target website and intercept the request using Burp Suite
  2. Send the request to Repeater and add the header zTRANSFER-ENCODING: dgsht
  3. Click on Go and check the response; if it is vulnerable, it will show you a 501 ‘NOT_IMPLEMENTED’ error

501 Not Implemented

Impact : An attacker can persistently block access to any redirects on your target website.

Thank You :)

Instagram : jerry._.3

Happy Hacking ;)




|Penetration Tester| |Hack The Box| |Digital Forensics| |Malware Analysis|

Jerry Shah (Jerry)
