home/categories/security/wgpsec-aboutsecurity-skills-exploit-cache-poisoning-smuggling-skill-md

securitytesting-security

cache-poisoning-smuggling

Name: cache-poisoning-smuggling
Author: wgpsec

Web 缓存投毒和 HTTP 请求走私。当目标使用 CDN/反向代理/缓存层（Cloudflare/Varnish/Nginx）、或有前后端服务器架构差异时使用。通过操纵缓存键或利用 HTTP 解析差异来投毒缓存或绕过安全控制。高级 Web 攻击技术

maintainer

wgpsec

Updated 4/6/2026

Stars

1109

Forks

193

quick start

Installation and usage

Installation

$ install --globalskills.sh

Usage

Once installed, you can use this skill by running the following command in your terminal:

skills use cache-poisoning-smuggling