# Title: Kache / CPRF
# Date: 03/01/2019
# Discovered by: @codexlynx
# Software Version: <= Commit: de2c39491625c3f087027be961a17191e85f6d30 (for now the project is not versioned)
# Category: go, resp, cprf

CPRF (Cross Protocol Request Forgery)
--------------------------------
The Kache server doesn't close the connection when it receives unknown strings. This can allow a malicious actor to perform cross-protocol interactions.

- POC 1: Set a key by HTTP:

- POC 2: Exploit this CPRF to set a key via SSRF + CRLF injection:

  https:///ssrf.php?url_to_post=http://:/%0D%0Aset%20mykey%20myvalue
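
The behaviour described above, next to the usual mitigation (stop reading and close the connection at the first unknown command), as an added example that is not Kache's code. The inline "set"/"get" grammar, the serve function and the sample request are simplified assumptions constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"strings"
)

// serve reads newline-terminated inline commands from r and applies them to store.
// strict=false models the reported behaviour: an unknown line gets an error reply
// and reading continues. strict=true returns at the first unknown line so the
// caller can close the connection. (Hypothetical grammar, not Kache's parser.)
func serve(r io.Reader, w io.Writer, store map[string]string, strict bool) (executed int) {
	sc := bufio.NewScanner(r)
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		switch {
		case len(f) == 3 && strings.EqualFold(f[0], "set"):
			store[f[1]] = f[2]
			fmt.Fprint(w, "+OK\r\n")
			executed++
		case len(f) == 2 && strings.EqualFold(f[0], "get"):
			fmt.Fprintf(w, "+%s\r\n", store[f[1]])
			executed++
		default:
			fmt.Fprint(w, "-ERR unknown command\r\n")
			if strict {
				return executed // foreign protocol: stop parsing, drop the client
			}
		}
	}
	return executed
}

// Constructed sample: an HTTP request whose body happens to be a cache command.
// cache.example is a placeholder host.
const crossProtocol = "POST / HTTP/1.1\r\nHost: cache.example\r\nContent-Length: 19\r\n\r\nset mykey myvalue\r\n"

func main() {
	for _, strict := range []bool{false, true} {
		store := map[string]string{}
		n := serve(strings.NewReader(crossProtocol), io.Discard, store, strict)
		fmt.Printf("strict=%v executed=%d store=%v\n", strict, n, store)
	}
}
```

Closing on the first unparseable line leaves well-formed clients unaffected; it does not replace authentication or binding the service to a trusted interface.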