Skip to main content
squ4r00t’s

Portswigger - Combining web cache poisoning vulnerabilities

·56 words·1 min
squ4r00t
Author
squ4r00t
red teamer
Table of Contents
Web Cache Poisoning - This article is part of a series.
Part 1: Portswigger - Cache Poisoning with an Unkeyed Header
Part 2: Portswigger - Cache Poisoning with an Unkeyed Cookie
Part 3: Portswigger - Cache Poisoning with multiple headers
Part 4: Portswigger - Cache Poisoning with an Unknown Header
Part 10: Portswigger - Cache Poisoning to DOM XSS
Part 11: This Article

Lab Description
#

This lab is susceptible to web cache poisoning, but only if you construct a complex exploit chain.

A user visits the home page roughly once a minute and their language is set to English. To solve this lab, poison the cache with a response that executes alert(document.cookie) in the visitor’s browser.

Solve
#

Web Cache Poisoning - This article is part of a series.
Part 1: Portswigger - Cache Poisoning with an Unkeyed Header
Part 2: Portswigger - Cache Poisoning with an Unkeyed Cookie
Part 3: Portswigger - Cache Poisoning with multiple headers
Part 4: Portswigger - Cache Poisoning with an Unknown Header
Part 10: Portswigger - Cache Poisoning to DOM XSS
Part 11: This Article