hunt-cache-poison


Crown Jewel Targets

Cache poisoning is high-value because a single poisoned cache entry can affect thousands or millions of victims simultaneously — one request, mass exploitation. Payout scales with blast radius.

Highest-value targets:

  • CDN-served assets (cdn.shopify.com, CloudFront distributions, Fastly/Akamai edges) — poisoning these affects every visitor globally
  • E-commerce platforms with affiliate/referral flows (Shopify, WooCommerce storefronts) — session hijack or affiliate fraud potential
  • Gaming platforms with update servers (rockstargames updates.* domains) — DoS on update delivery = widespread client breakage
  • Authentication endpoints served through caches — leads to account takeover (the highest severity variant)
  • Asset CDNs (JS/CSS delivery) — XSS payload delivery at scale
  • SaaS multi-tenant platforms — one poisoned response bleeds into all tenants sharing a cache key

Asset types that pay most: CDN hostnames, subdomain-per-tenant patterns, update/download servers, login/account pages cached incorrectly, affiliate link shorteners.
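
Seen from the defender's side, the cached login/account pages and the shared cache key across tenants both come down to which responses a shared cache may reuse. The following is an added example, not part of the hunt-cache-poison skill: it audits response headers from your own application with a simplified RFC 9111 check. The route prefixes, the `X-Tenant-ID` header and the sample responses are assumptions constructed for illustration.

```python
SENSITIVE_PREFIXES = ("/login", "/account")  # assumption: your auth/account routes
TENANT_HEADERS = ("x-tenant-id",)  # hypothetical tenant-selecting request header

def parse_cache_control(value):
    """Parse a Cache-Control value into {directive: argument or None}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

def shared_cacheable(headers):
    """Simplified RFC 9111 check: may a CDN or proxy reuse this without revalidating?"""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    if {"no-store", "private", "no-cache"} & cc.keys():
        return False
    for key in ("s-maxage", "max-age"):  # s-maxage wins for shared caches
        if key in cc:
            age = cc[key] or "0"
            return age.isdigit() and int(age) > 0
    return "public" in cc or "expires" in h

def audit(path, headers):
    """Return findings for one response; an empty list means nothing flagged."""
    if not shared_cacheable(headers):
        return []
    h = {k.lower(): v for k, v in headers.items()}
    vary = {v.strip().lower() for v in h.get("vary", "").split(",") if v.strip()}
    findings = []
    if path.startswith(SENSITIVE_PREFIXES):
        findings.append("sensitive path is shared-cacheable")
    if "set-cookie" in h:
        findings.append("Set-Cookie on a shared-cacheable response")
    findings += [f"Vary does not list {n}" for n in TENANT_HEADERS
                 if n not in vary and "*" not in vary]
    return findings

# Constructed sample responses (not captured from any real site).
SAMPLES = [
    ("/login", {"Cache-Control": "public, max-age=600", "Set-Cookie": "sid=abc"}),
    ("/account/settings", {"Cache-Control": "private, no-store"}),
    ("/static/app.js", {"Cache-Control": "public, s-maxage=86400", "Vary": "X-Tenant-ID"}),
]

if __name__ == "__main__":
    for path, headers in SAMPLES:
        print(path, audit(path, headers) or "ok")
```

Feed it the headers your origin actually returns for each route; a non-empty result on an authenticated or tenant-specific route is the misconfiguration to fix at the origin or in the CDN's cache rules.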


Attack Surface Signals

Installs: 33
GitHub Stars: 2.6K
First Seen: May 24, 2026
hunt-cache-poison — elementalsouls/claude-bughunter