{"type":"rich","url":"https://cysec148.hatenablog.com/entry/2025/09/16/074912","author_url":"https://blog.hatena.ne.jp/ThisIsOne/","blog_title":"Shikata Ga Nai","width":"100%","title":"Lab: Cache key injection","provider_url":"https://hatena.blog","html":"<iframe src=\"https://hatenablog-parts.com/embed?url=https%3A%2F%2Fcysec148.hatenablog.com%2Fentry%2F2025%2F09%2F16%2F074912\" title=\"Lab: Cache key injection - Shikata Ga Nai\" class=\"embed-card embed-blogcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 190px; max-width: 500px; margin: 10px 0px;\"></iframe>","provider_name":"Hatena Blog","author_name":"ThisIsOne","published":"2025-09-16 07:49:12","image_url":null,"description":"Hello there, ('\u03c9')\u30ce \u5168\u4f53\u50cf\uff08\u4f55\u304c\u3069\u3046\u7e4b\u304c\u308b\uff1f\uff09 /login \u306e\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u304c\u4e0d\u5099 \u30af\u30a8\u30ea\u306e utm_content \u3092\u30ad\u30e3\u30c3\u30b7\u30e5\u30ad\u30fc\u304b\u3089\u9664\u5916\u3059\u308b\u6b63\u898f\u8868\u73fe\u304c\u7518\u3044\u3002 \u3053\u308c\u306b\u3088\u308a lang=en?utm_content=... \u306e\u5f8c\u308d\u306b\u672a\u30ad\u30fc\u5316\u306e\u30d1\u30e9\u30e1\u30fc\u30bf\u5217\u3092\u5b9f\u8cea\u8ffd\u8a18\u3067\u304d\u308b\uff08\uff1dunkeyed append\uff09\u3002 /login/ \u304c\u8aad\u307f\u8fbc\u3080 /js/localize.js \u304c CSPP lang \u306e\u5024\u3092URL\u30a8\u30f3\u30b3\u30fc\u30c9\u305b\u305a\u306b import \u3078\u6e21\u3059\u305f\u3081\u3001&cors=1&x=1... \u3068\u3044\u3063\u305f\u8ffd\u52a0\u30af\u30a8\u30ea\u3092\u305d\u306e\u307e\u307e\u6df7\u5165\u3067\u304d\u308b\uff08= client-side parameter polluti\u2026","blog_url":"https://cysec148.hatenablog.com/","categories":["Web Security Academy","Web Cache"],"version":"1.0","height":"190"}