Cached and Confused - Web Cache Deception in the Wild

HackerOne via YouTube

Overview

Explore the intricacies of Web Cache Deception (WCD) and Path Confusion attacks in this 31-minute conference talk from h@ckivitycon 2020. Delve into new exploitation techniques based on semantic disconnects among framework-independent web technologies, leading to different URL path interpretations. Learn about the effectiveness of Path Confusion in WCD attacks and discover why this technique was voted the top web hacking technique of 2019. Examine the large-scale analysis of WCD vulnerabilities on high-profile sites, and understand the complexities of remediating path confusion issues. Gain insights into potential areas for researchers and bug hunters to apply new attack vectors through various path confusion techniques. Cover topics including web cache technologies, URL structures, path parameters, URL encoding, and practical attack scenarios for both authenticated and unauthenticated attackers.

Syllabus

Intro
Web Cache Technologies
Web Cache Behavior
URL 101
Traditional vs Clean URL
Path Confusion 101
Basic Path Confusion (with Path Parameter)
Basic Web Cache Deception
URL Encoding
Path Confusion with Encoded ?
Effectiveness of Encoding
Practical Attack Scenarios
Authenticated vs. Unauthenticated Attacker
Cache Location
Cache Expiration
Cache Configuration

Taught by

HackerOne
