@waftester/cli 2.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (141) hide show
  1. package/LICENSE +80 -0
  2. package/LICENSE-COMMUNITY +28 -0
  3. package/README.md +121 -0
  4. package/bin/cli.js +152 -0
  5. package/package.json +52 -0
  6. package/payloads/community/README.md +45 -0
  7. package/payloads/community/ai/ml-poisoning.json +173 -0
  8. package/payloads/community/ai/prompt-injection.json +247 -0
  9. package/payloads/community/ai/workflow-abuse.json +222 -0
  10. package/payloads/community/auth/jwt.json +855 -0
  11. package/payloads/community/auth/login-bypass.json +623 -0
  12. package/payloads/community/auth/mfa.json +402 -0
  13. package/payloads/community/auth/oauth.json +421 -0
  14. package/payloads/community/auth/open-redirect.json +1028 -0
  15. package/payloads/community/auth/session.json +404 -0
  16. package/payloads/community/cache/deception.json +402 -0
  17. package/payloads/community/cache/poisoning.json +403 -0
  18. package/payloads/community/deserialization/gadget.json +375 -0
  19. package/payloads/community/deserialization/prototype.json +370 -0
  20. package/payloads/community/fuzz/content-type.json +397 -0
  21. package/payloads/community/fuzz/headers.json +401 -0
  22. package/payloads/community/fuzz/methods.json +397 -0
  23. package/payloads/community/fuzz/obfuscation.json +362 -0
  24. package/payloads/community/fuzz/special-chars.json +740 -0
  25. package/payloads/community/fuzz/waf-bypass.json +452 -0
  26. package/payloads/community/graphql/batching-abuse.json +271 -0
  27. package/payloads/community/graphql/depth-limit.json +271 -0
  28. package/payloads/community/graphql/introspection.json +267 -0
  29. package/payloads/community/injection/crlf.json +569 -0
  30. package/payloads/community/injection/ldap.json +357 -0
  31. package/payloads/community/injection/nosqli.json +529 -0
  32. package/payloads/community/injection/oscmd.json +662 -0
  33. package/payloads/community/injection/rce-polyglots.json +452 -0
  34. package/payloads/community/injection/sqli.json +681 -0
  35. package/payloads/community/injection/ssti.json +584 -0
  36. package/payloads/community/injection/upload-attacks.json +632 -0
  37. package/payloads/community/injection/xpath.json +357 -0
  38. package/payloads/community/injection/xxe.json +716 -0
  39. package/payloads/community/logic/forced-browsing.json +405 -0
  40. package/payloads/community/logic/idor.json +1026 -0
  41. package/payloads/community/logic/privilege.json +337 -0
  42. package/payloads/community/media/exif-injection.json +225 -0
  43. package/payloads/community/media/metadata-poison.json +239 -0
  44. package/payloads/community/protocol/http-smuggling.json +798 -0
  45. package/payloads/community/protocol/http2-attacks.json +382 -0
  46. package/payloads/community/protocol/websocket-abuse.json +375 -0
  47. package/payloads/community/rate-limit/burst-simulation.json +286 -0
  48. package/payloads/community/rate-limit/bypass-attempts.json +326 -0
  49. package/payloads/community/rate-limit/zone-tests.json +332 -0
  50. package/payloads/community/services/authentik.json +415 -0
  51. package/payloads/community/services/immich.json +423 -0
  52. package/payloads/community/services/n8n.json +366 -0
  53. package/payloads/community/sqli-basic.json +182 -0
  54. package/payloads/community/ssrf/cloud-metadata.json +999 -0
  55. package/payloads/community/ssrf/dns-rebinding.json +503 -0
  56. package/payloads/community/ssrf/internal-networks.json +627 -0
  57. package/payloads/community/ssrf/protocol-smuggling.json +350 -0
  58. package/payloads/community/ssti/multi-language-templates.json +191 -0
  59. package/payloads/community/ssti/python-templates.json +200 -0
  60. package/payloads/community/traversal/basic.json +675 -0
  61. package/payloads/community/traversal/cloud-credentials.json +107 -0
  62. package/payloads/community/traversal/config-files.json +193 -0
  63. package/payloads/community/traversal/encoding.json +558 -0
  64. package/payloads/community/traversal/null-byte.json +105 -0
  65. package/payloads/community/traversal/symlink.json +93 -0
  66. package/payloads/community/traversal/unicode.json +134 -0
  67. package/payloads/community/traversal/unix-advanced.json +195 -0
  68. package/payloads/community/traversal/windows-advanced.json +195 -0
  69. package/payloads/community/waf-bypass/cloudflare-bypass.json +102 -0
  70. package/payloads/community/waf-bypass/encoding-bypass.json +120 -0
  71. package/payloads/community/waf-bypass/evasion-techniques.json +164 -0
  72. package/payloads/community/waf-bypass/hpp-bypass.json +92 -0
  73. package/payloads/community/waf-bypass/modsecurity-crs.json +220 -0
  74. package/payloads/community/waf-bypass/protocol-attacks.json +101 -0
  75. package/payloads/community/waf-bypass/sqlmap-tamper.json +252 -0
  76. package/payloads/community/waf-bypass/unicode-charset.json +152 -0
  77. package/payloads/community/waf-bypass/vendor-bypasses.json +72 -0
  78. package/payloads/community/waf-validation/README.md +172 -0
  79. package/payloads/community/waf-validation/bypass-techniques.json +272 -0
  80. package/payloads/community/waf-validation/custom-rules.json +952 -0
  81. package/payloads/community/waf-validation/evasion-techniques.json +272 -0
  82. package/payloads/community/waf-validation/modsecurity-core.json +151 -0
  83. package/payloads/community/waf-validation/owasp-top10.json +236 -0
  84. package/payloads/community/waf-validation/regression-tests.json +227 -0
  85. package/payloads/community/xss/csp-bypass.json +431 -0
  86. package/payloads/community/xss/dom.json +389 -0
  87. package/payloads/community/xss/filter-bypass.json +1242 -0
  88. package/payloads/community/xss/mutation.json +263 -0
  89. package/payloads/community/xss/polyglots.json +371 -0
  90. package/payloads/community/xss/reflected.json +187 -0
  91. package/payloads/community/xss/stored.json +330 -0
  92. package/payloads/crlf-injection.json +182 -0
  93. package/payloads/ids-map.json +155 -0
  94. package/payloads/ldap-injection.json +182 -0
  95. package/payloads/nosql-injection.json +227 -0
  96. package/payloads/prototype-pollution.json +182 -0
  97. package/payloads/request-smuggling.json +182 -0
  98. package/payloads/version.json +28 -0
  99. package/payloads/xss-advanced.json +227 -0
  100. package/templates/README.md +221 -0
  101. package/templates/nuclei/http/waf-bypass/crlf-bypass.yaml +146 -0
  102. package/templates/nuclei/http/waf-bypass/lfi-bypass.yaml +152 -0
  103. package/templates/nuclei/http/waf-bypass/nosqli-bypass.yaml +166 -0
  104. package/templates/nuclei/http/waf-bypass/rce-bypass.yaml +171 -0
  105. package/templates/nuclei/http/waf-bypass/sqli-basic.yaml +142 -0
  106. package/templates/nuclei/http/waf-bypass/sqli-evasion.yaml +192 -0
  107. package/templates/nuclei/http/waf-bypass/ssrf-bypass.yaml +130 -0
  108. package/templates/nuclei/http/waf-bypass/ssti-bypass.yaml +147 -0
  109. package/templates/nuclei/http/waf-bypass/xss-basic.yaml +163 -0
  110. package/templates/nuclei/http/waf-bypass/xss-evasion.yaml +217 -0
  111. package/templates/nuclei/http/waf-bypass/xxe-bypass.yaml +204 -0
  112. package/templates/nuclei/http/waf-detection/akamai-detect.yaml +105 -0
  113. package/templates/nuclei/http/waf-detection/aws-waf-detect.yaml +115 -0
  114. package/templates/nuclei/http/waf-detection/azure-waf-detect.yaml +114 -0
  115. package/templates/nuclei/http/waf-detection/cloudflare-detect.yaml +121 -0
  116. package/templates/nuclei/http/waf-detection/modsecurity-detect.yaml +129 -0
  117. package/templates/nuclei/workflows/waf-assessment-workflow.yaml +71 -0
  118. package/templates/output/asff.tmpl +61 -0
  119. package/templates/output/csv.tmpl +4 -0
  120. package/templates/output/junit.tmpl +34 -0
  121. package/templates/output/markdown-report.tmpl +92 -0
  122. package/templates/output/slack-notification.tmpl +95 -0
  123. package/templates/output/text-summary.tmpl +56 -0
  124. package/templates/overrides/api-only.yaml +130 -0
  125. package/templates/overrides/crs-tuning.yaml +204 -0
  126. package/templates/overrides/false-positive-suppression.yaml +159 -0
  127. package/templates/policies/owasp-top10.yaml +152 -0
  128. package/templates/policies/pci-dss.yaml +124 -0
  129. package/templates/policies/permissive.yaml +40 -0
  130. package/templates/policies/standard.yaml +57 -0
  131. package/templates/policies/strict.yaml +72 -0
  132. package/templates/report-configs/compliance.yaml +173 -0
  133. package/templates/report-configs/dark.yaml +136 -0
  134. package/templates/report-configs/enterprise.yaml +175 -0
  135. package/templates/report-configs/minimal.yaml +84 -0
  136. package/templates/report-configs/print.yaml +139 -0
  137. package/templates/workflows/api-scan.yaml +132 -0
  138. package/templates/workflows/ci-gate.yaml +129 -0
  139. package/templates/workflows/full-scan.yaml +133 -0
  140. package/templates/workflows/quick-probe.yaml +80 -0
  141. package/templates/workflows/waf-detection.yaml +89 -0
package/payloads/community/cache/deception.json ADDED
@@ -0,0 +1,402 @@
1
+ [
2
+ {
3
+ "id": "CACHE-DECEPT-001",
4
+ "payload": "GET /api/user/profile/..;/style.css HTTP/1.1\r\nHost: target.com\r\n\r\n",
5
+ "tags": [
6
+ "cache-deception",
7
+ "fake-extension",
8
+ "quick",
9
+ "critical"
10
+ ],
11
+ "expected_block": true,
12
+ "severity_hint": "Critical",
13
+ "notes": "Web Cache Deception with semicolon path separator and fake CSS extension",
14
+ "destructive": false,
15
+ "category": "Cache"
16
+ },
17
+ {
18
+ "id": "CACHE-DECEPT-002",
19
+ "payload": "GET /api/user/profile/..%2fstyle.css HTTP/1.1\r\nHost: target.com\r\n\r\n",
20
+ "tags": [
21
+ "cache-deception",
22
+ "fake-extension",
23
+ "quick"
24
+ ],
25
+ "expected_block": true,
26
+ "severity_hint": "Critical",
27
+ "notes": "Web Cache Deception with encoded slash and fake CSS extension",
28
+ "destructive": false,
29
+ "category": "Cache"
30
+ },
31
+ {
32
+ "id": "CACHE-DECEPT-003",
33
+ "payload": "GET /api/user/profile/anything.js HTTP/1.1\r\nHost: target.com\r\n\r\n",
34
+ "tags": [
35
+ "cache-deception",
36
+ "js-extension",
37
+ "critical"
38
+ ],
39
+ "expected_block": true,
40
+ "severity_hint": "Critical",
41
+ "notes": "Web Cache Deception with JavaScript extension to cache sensitive data",
42
+ "destructive": false,
43
+ "category": "Cache"
44
+ },
45
+ {
46
+ "id": "CACHE-DECEPT-004",
47
+ "payload": "GET /api/user/profile/x.png HTTP/1.1\r\nHost: target.com\r\n\r\n",
48
+ "tags": [
49
+ "cache-deception",
50
+ "image-extension"
51
+ ],
52
+ "expected_block": true,
53
+ "severity_hint": "High",
54
+ "notes": "Web Cache Deception with PNG extension",
55
+ "destructive": false,
56
+ "category": "Cache"
57
+ },
58
+ {
59
+ "id": "CACHE-DECEPT-005",
60
+ "payload": "GET /api/user/profile/%2e%2e%3b/static.js HTTP/1.1\r\nHost: target.com\r\n\r\n",
61
+ "tags": [
62
+ "cache-deception",
63
+ "encoding"
64
+ ],
65
+ "expected_block": true,
66
+ "severity_hint": "Critical",
67
+ "notes": "Web Cache Deception with encoded ..%3B (semicolon) path separator",
68
+ "destructive": false,
69
+ "category": "Cache"
70
+ },
71
+ {
72
+ "id": "CACHE-DECEPT-006",
73
+ "payload": "GET /api/user/profile.json/..;/app.js HTTP/1.1\r\nHost: target.com\r\n\r\n",
74
+ "tags": [
75
+ "cache-deception",
76
+ "double-extension"
77
+ ],
78
+ "expected_block": true,
79
+ "severity_hint": "Critical",
80
+ "notes": "Double extension with semicolon separator",
81
+ "destructive": false,
82
+ "category": "Cache"
83
+ },
84
+ {
85
+ "id": "CACHE-DECEPT-007",
86
+ "payload": "GET /api/user/profile HTTP/1.1\r\nHost: target.com%0d%0aX-Cache-Override: public\r\n\r\n",
87
+ "tags": [
88
+ "cache-deception",
89
+ "host-injection"
90
+ ],
91
+ "expected_block": true,
92
+ "severity_hint": "Critical",
93
+ "notes": "Host header injection with CRLF to add cache override header",
94
+ "destructive": false,
95
+ "category": "Cache"
96
+ },
97
+ {
98
+ "id": "CACHE-DECEPT-008",
99
+ "payload": "GET /api/user/profile?;.css HTTP/1.1\r\nHost: target.com\r\n\r\n",
100
+ "tags": [
101
+ "cache-deception",
102
+ "query-extension"
103
+ ],
104
+ "expected_block": true,
105
+ "severity_hint": "High",
106
+ "notes": "Fake extension in query string with semicolon",
107
+ "destructive": false,
108
+ "category": "Cache"
109
+ },
110
+ {
111
+ "id": "CACHE-DECEPT-009",
112
+ "payload": "GET /api/user/profile#.js HTTP/1.1\r\nHost: target.com\r\n\r\n",
113
+ "tags": [
114
+ "cache-deception",
115
+ "fragment-extension"
116
+ ],
117
+ "expected_block": true,
118
+ "severity_hint": "Medium",
119
+ "notes": "Fake extension in URL fragment (may be stripped inconsistently)",
120
+ "destructive": false,
121
+ "category": "Cache"
122
+ },
123
+ {
124
+ "id": "CACHE-DECEPT-010",
125
+ "payload": "GET /api/user/profile.json HTTP/1.1\r\nHost: target.com\r\nX-Original-URL: /api/user/profile\r\n\r\n",
126
+ "tags": [
127
+ "cache-deception",
128
+ "path-confusion",
129
+ "critical"
130
+ ],
131
+ "expected_block": true,
132
+ "severity_hint": "Critical",
133
+ "notes": "Path confusion via X-Original-URL to serve sensitive data with cacheable extension",
134
+ "destructive": false,
135
+ "category": "Cache"
136
+ },
137
+ {
138
+ "id": "CACHE-DECEPT-011",
139
+ "payload": "GET /api/user/profile HTTP/1.1\r\nHost: target.com\r\nX-Forwarded-Uri: /static/app.js\r\n\r\n",
140
+ "tags": [
141
+ "cache-deception",
142
+ "uri-override"
143
+ ],
144
+ "expected_block": true,
145
+ "severity_hint": "High",
146
+ "notes": "URI override header to trick cache into storing with static path",
147
+ "destructive": false,
148
+ "category": "Cache"
149
+ },
150
+ {
151
+ "id": "CACHE-DECEPT-012",
152
+ "payload": "GET /api/user/profile.css;.json HTTP/1.1\r\nHost: target.com\r\n\r\n",
153
+ "tags": [
154
+ "cache-deception",
155
+ "complex-extension"
156
+ ],
157
+ "expected_block": true,
158
+ "severity_hint": "High",
159
+ "notes": "Multiple extensions with semicolon separator",
160
+ "destructive": false,
161
+ "category": "Cache"
162
+ },
163
+ {
164
+ "id": "CACHE-DECEPT-013",
165
+ "payload": "GET /api/user/profile HTTP/1.1\r\nHost: target.com\r\nHost: cdn.target.com\r\n\r\n",
166
+ "tags": [
167
+ "cache-deception",
168
+ "duplicate-host",
169
+ "critical"
170
+ ],
171
+ "expected_block": true,
172
+ "severity_hint": "Critical",
173
+ "notes": "Duplicate Host header to confuse cache vs origin routing",
174
+ "destructive": false,
175
+ "category": "Cache"
176
+ },
177
+ {
178
+ "id": "CACHE-DECEPT-014",
179
+ "payload": "GET /api/user/profile/..%00.css HTTP/1.1\r\nHost: target.com\r\n\r\n",
180
+ "tags": [
181
+ "cache-deception",
182
+ "null-byte"
183
+ ],
184
+ "expected_block": true,
185
+ "severity_hint": "Critical",
186
+ "notes": "Null byte with fake extension for path truncation",
187
+ "destructive": false,
188
+ "category": "Cache"
189
+ },
190
+ {
191
+ "id": "CACHE-DECEPT-015",
192
+ "payload": "GET //api/user/profile.js HTTP/1.1\r\nHost: target.com\r\n\r\n",
193
+ "tags": [
194
+ "cache-deception",
195
+ "double-slash",
196
+ "quick"
197
+ ],
198
+ "expected_block": true,
199
+ "severity_hint": "High",
200
+ "notes": "Double slash normalization with fake JS extension",
201
+ "destructive": false,
202
+ "category": "Cache"
203
+ },
204
+ {
205
+ "id": "CACHE-DECEPT-016",
206
+ "payload": "GET /api/user/profile/.css HTTP/1.1\r\nHost: target.com\r\n\r\n",
207
+ "tags": [
208
+ "cache-deception",
209
+ "dotfile"
210
+ ],
211
+ "expected_block": true,
212
+ "severity_hint": "Medium",
213
+ "notes": "Dotfile path segment with extension",
214
+ "destructive": false,
215
+ "category": "Cache"
216
+ },
217
+ {
218
+ "id": "CACHE-DECEPT-017",
219
+ "payload": "GET /api/user/profile\\..\\static.css HTTP/1.1\r\nHost: target.com\r\n\r\n",
220
+ "tags": [
221
+ "cache-deception",
222
+ "backslash"
223
+ ],
224
+ "expected_block": true,
225
+ "severity_hint": "High",
226
+ "notes": "Backslash path separator with fake extension (IIS-style)",
227
+ "destructive": false,
228
+ "category": "Cache"
229
+ },
230
+ {
231
+ "id": "CACHE-DECEPT-018",
232
+ "payload": "GET /api/user/profile%2F..%3B/static.js HTTP/1.1\r\nHost: target.com\r\n\r\n",
233
+ "tags": [
234
+ "cache-deception",
235
+ "full-encoding"
236
+ ],
237
+ "expected_block": true,
238
+ "severity_hint": "Critical",
239
+ "notes": "Fully encoded path traversal with semicolon and fake extension",
240
+ "destructive": false,
241
+ "category": "Cache"
242
+ },
243
+ {
244
+ "id": "CACHE-DECEPT-019",
245
+ "payload": "GET /api/user/profile/;.woff HTTP/1.1\r\nHost: target.com\r\n\r\n",
246
+ "tags": [
247
+ "cache-deception",
248
+ "font-extension"
249
+ ],
250
+ "expected_block": true,
251
+ "severity_hint": "High",
252
+ "notes": "Web font extension with semicolon separator",
253
+ "destructive": false,
254
+ "category": "Cache"
255
+ },
256
+ {
257
+ "id": "CACHE-DECEPT-020",
258
+ "payload": "GET /api/user/profile.json%20 HTTP/1.1\r\nHost: target.com\r\n\r\n",
259
+ "tags": [
260
+ "cache-deception",
261
+ "trailing-space"
262
+ ],
263
+ "expected_block": true,
264
+ "severity_hint": "High",
265
+ "notes": "Encoded trailing space after extension (normalization bypass)",
266
+ "destructive": false,
267
+ "category": "Cache"
268
+ },
269
+ {
270
+ "id": "CACHE-DECEPT-021",
271
+ "payload": "GET /api/user/profile.css%09 HTTP/1.1\r\nHost: target.com\r\n\r\n",
272
+ "tags": [
273
+ "cache-deception",
274
+ "trailing-tab"
275
+ ],
276
+ "expected_block": true,
277
+ "severity_hint": "High",
278
+ "notes": "Encoded trailing tab after extension",
279
+ "destructive": false,
280
+ "category": "Cache"
281
+ },
282
+ {
283
+ "id": "CACHE-DECEPT-022",
284
+ "payload": "GET /api/user/profile HTTP/1.1\r\nHost: target.com\r\nX-Forwarded-Path: /static/bundle.js\r\n\r\n",
285
+ "tags": [
286
+ "cache-deception",
287
+ "forwarded-path"
288
+ ],
289
+ "expected_block": true,
290
+ "severity_hint": "High",
291
+ "notes": "X-Forwarded-Path to make CDN cache sensitive endpoint",
292
+ "destructive": false,
293
+ "category": "Cache"
294
+ },
295
+ {
296
+ "id": "CACHE-DECEPT-023",
297
+ "payload": "GET /api/user/profile.json;jsessionid=ABC123 HTTP/1.1\r\nHost: target.com\r\n\r\n",
298
+ "tags": [
299
+ "cache-deception",
300
+ "session-suffix"
301
+ ],
302
+ "expected_block": true,
303
+ "severity_hint": "Critical",
304
+ "notes": "Session ID suffix with cacheable extension (Java-style)",
305
+ "destructive": false,
306
+ "category": "Cache"
307
+ },
308
+ {
309
+ "id": "CACHE-DECEPT-024",
310
+ "payload": "GET /api/user/PROFILE/data.css HTTP/1.1\r\nHost: target.com\r\n\r\n",
311
+ "tags": [
312
+ "cache-deception",
313
+ "case-sensitivity"
314
+ ],
315
+ "expected_block": true,
316
+ "severity_hint": "High",
317
+ "notes": "Case variation with fake extension (case-insensitive routing)",
318
+ "destructive": false,
319
+ "category": "Cache"
320
+ },
321
+ {
322
+ "id": "CACHE-DECEPT-025",
323
+ "payload": "GET /api/user/profile/./static.js HTTP/1.1\r\nHost: target.com\r\n\r\n",
324
+ "tags": [
325
+ "cache-deception",
326
+ "dot-segment",
327
+ "quick"
328
+ ],
329
+ "expected_block": true,
330
+ "severity_hint": "High",
331
+ "notes": "Dot segment normalization with fake extension",
332
+ "destructive": false,
333
+ "category": "Cache"
334
+ },
335
+ {
336
+ "id": "CACHE-DECEPT-026",
337
+ "payload": "GET /api/user/profile.json? HTTP/1.1\r\nHost: target.com\r\n\r\n",
338
+ "tags": [
339
+ "cache-deception",
340
+ "query-separator"
341
+ ],
342
+ "expected_block": true,
343
+ "severity_hint": "Medium",
344
+ "notes": "Empty query string after cacheable extension",
345
+ "destructive": false,
346
+ "category": "Cache"
347
+ },
348
+ {
349
+ "id": "CACHE-DECEPT-027",
350
+ "payload": "GET /api/user/profile HTTP/1.1\r\nHost: target.com\r\nX-Rewrite-URL: /api/user/profile.css\r\n\r\n",
351
+ "tags": [
352
+ "cache-deception",
353
+ "rewrite-url",
354
+ "critical"
355
+ ],
356
+ "expected_block": true,
357
+ "severity_hint": "Critical",
358
+ "notes": "X-Rewrite-URL to add cacheable extension at CDN level",
359
+ "destructive": false,
360
+ "category": "Cache"
361
+ },
362
+ {
363
+ "id": "CACHE-DECEPT-028",
364
+ "payload": "GET /api/user/profile%252e%252e%253b/static.js HTTP/1.1\r\nHost: target.com\r\n\r\n",
365
+ "tags": [
366
+ "cache-deception",
367
+ "double-encoding"
368
+ ],
369
+ "expected_block": true,
370
+ "severity_hint": "Critical",
371
+ "notes": "Double-encoded path traversal with fake extension",
372
+ "destructive": false,
373
+ "category": "Cache"
374
+ },
375
+ {
376
+ "id": "CACHE-DECEPT-029",
377
+ "payload": "GET /api/user/profile.json%2f HTTP/1.1\r\nHost: target.com\r\n\r\n",
378
+ "tags": [
379
+ "cache-deception",
380
+ "trailing-slash-encoded"
381
+ ],
382
+ "expected_block": true,
383
+ "severity_hint": "High",
384
+ "notes": "Encoded trailing slash after extension",
385
+ "destructive": false,
386
+ "category": "Cache"
387
+ },
388
+ {
389
+ "id": "CACHE-DECEPT-030",
390
+ "payload": "GET /api/user/profile.css%2e%2e%2fdata HTTP/1.1\r\nHost: target.com\r\n\r\n",
391
+ "tags": [
392
+ "cache-deception",
393
+ "extension-traversal",
394
+ "critical"
395
+ ],
396
+ "expected_block": true,
397
+ "severity_hint": "Critical",
398
+ "notes": "Cacheable extension with encoded path traversal suffix",
399
+ "destructive": false,
400
+ "category": "Cache"
401
+ }
402
+ ]