Merge pull request #5547 from ColbyJack1134/patch-1

Update cache-poisoning-fuzz.yaml

fuzzing/cache-poisoning-fuzz.yaml

@@ -2,33 +2,34 @@ id: cache-poisoning-fuzz
 
 info:
   name: Cache Poison Fuzzing
-  author: dwisiswant0
+  author: dwisiswant0,ColbyJack1134
   severity: info
   reference:
     - https://youst.in/posts/cache-poisoning-at-scale/
-  tags: cache,fuzz
+    - https://portswigger.net/web-security/web-cache-poisoning
+  tags: fuzz,cache
 
 requests:
   - raw:
       - |
-        GET /?{{uniq}}=1 HTTP/1.1
+        GET /?{{md5(headers)}}=1 HTTP/1.1
         Host: {{Hostname}}
-        {{headers}}: {{uniq}}.tld
+        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
+        {{headers}}: {{randstr}}.tld
 
       - |
-        GET /?{{uniq}}=1 HTTP/1.1
+        GET /?{{md5(headers)}}=1 HTTP/1.1
         Host: {{Hostname}}
+        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
 
     attack: clusterbomb
     payloads:
-      uniq:
-        - "{{md5(rand_text_numeric(32))}}"
       headers: helpers/wordlists/headers.txt
 
     stop-at-first-match: true
-    req-condition: true
-
     matchers:
       - type: dsl
         dsl:
-          - 'contains(body_2, "{{uniq}}")'
+          - 'contains(body_1, "{{randstr}}")'
+          - 'contains(body_2, "{{randstr}}")'
+        condition: and