Analysis of 9 Advanced Cache Poisoning Chains (Glassdoor, Next.js, DoD) - Part 2
Published: 2025-11-27 13:07:19 | Author: www.reddit.com

Hey everyone,

Following up on Part 1 (Historical attacks), I just finished analyzing Part 2, which focuses on modern cache poisoning vectors involving cloud platforms and frameworks.

The case studies analyzed:

  • Glassdoor: CSRF Token Leak → Stored XSS chain.

  • Next.js: RSC (React Server Components) & SSR cache confusion.

  • U.S. DoD: Sustained DoS via cache busting.

  • Shopify: Backslash/Forward slash normalization DoS.

  • Mozilla: 404 Error poisoning.

The Next.js finding is particularly interesting for anyone running Vercel/SSR setups, as it shows how 'smart' caching headers can introduce conflicts.

Full technical breakdown is here: [Link]

Let me know in the comments if you've seen the Next.js RSC issues in the wild yet.


Source: https://www.reddit.com/r/netsecstudents/comments/1p81rxx/analysis_of_9_advanced_cache_poisoning_chains/