{"url":"https://cysec148.hatenablog.com/entry/2025/08/20/165758","width":"100%","height":"190","version":"1.0","blog_title":"Shikata Ga Nai","provider_name":"Hatena Blog","type":"rich","categories":["Web Security Academy","Web Cache"],"html":"","image_url":null,"author_name":"ThisIsOne","blog_url":"https://cysec148.hatenablog.com/","provider_url":"https://hatena.blog","published":"2025-08-20 16:57:58","description":"Hello there, ('\u03c9')\u30ce \u306d\u3089\u3044 \u3053\u306eLAB\u306f\u3001\u30a2\u30d7\u30ea\u304c\u6a5f\u5bc6\u30da\u30fc\u30b8\uff08\u4f8b\uff1a/my-account\uff09\u3092\u8fd4\u3057\u3066\u3044\u308b\u306e\u306b\u3001CDN/\u30ea\u30d0\u30fc\u30b9\u30d7\u30ed\u30ad\u30b7\u306e\u30ad\u30e3\u30c3\u30b7\u30e5\u898f\u5247\u304c\u7279\u5b9a\u30d5\u30a1\u30a4\u30eb\u540d\u3060\u3051\u53b3\u5bc6\u4e00\u81f4\u3067\u30ad\u30e3\u30c3\u30b7\u30e5\uff08\u4f8b\uff1a/robots.txt\uff09\u3057\u3066\u3044\u308b\u6b6a\u307f\u3092\u7a81\u304d\u307e\u3059\u3002 \u533a\u5207\u308a\u6587\u5b57\uff08; \u3084 ?\uff09\u3068\u30d1\u30b9\u6b63\u898f\u5316\uff08..%2f\uff09\u306e\u89e3\u91c8\u5dee\u3092\u7d44\u307f\u5408\u308f\u305b\u3001\u30aa\u30ea\u30b8\u30f3\u306b\u306f /my-account \u3092\u898b\u305b\u3064\u3064\u3001\u30ad\u30e3\u30c3\u30b7\u30e5\u306b\u306f /robots.txt \u3068\u3057\u3066\u4fdd\u5b58\u3055\u305b\u308b\u3053\u3068\u3067\u3001\u88ab\u5bb3\u8005\u306eCSRF\u30c8\u30fc\u30af\u30f3\u3092\u76d7\u307f\u3001\u6700\u7d42\u7684\u306badministrator\u306e\u30e1\u30fc\u30eb\u3092\u5909\u66f4\u3057\u307e\u3059\u3002 \u5168\u4f53\u50cf\uff08\u30b9\u30c8\u30fc\u30ea\u30fc\uff09 \u81ea\u5206\u306e\u30a2\u30ab\u30a6\u30f3\u30c8\u3067\u30ed\u30b0\u30a4\u30f3\u3057\u3001/my-\u2026","author_url":"https://blog.hatena.ne.jp/ThisIsOne/","title":"\u3010\u6709\u6599\u8a66\u4f5c\u7248\u3011PortSwigger LAB\u89e3\u8aac\uff1aExploiting exact-match cache rules for web cache deception\uff08\u53b3\u5bc6\u4e00\u81f4\u30ad\u30e3\u30c3\u30b7\u30e5\u898f\u5247\u3092\u7a81\u304fWCD\uff09"}