Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Login to post

Lab: Cache key injection

Alexander | Last updated: Mar 23, 2023 04:28PM UTC

Dear team, the lab https://portswigger.net/web-security/web-cache-poisoning/exploiting-implementation-flaws/lab-web-cache-poisoning-cache-key-injection can be solved in a simplier way than it is supposed to be. The following request: GET /login?lang=en&utm_content='><img+src=1+onerror=alert(1)><s+x=' HTTP/2 Allows to poison the cache without working with anything else

Michelle, PortSwigger Agent | Last updated: Mar 24, 2023 10:34AM UTC

Thanks for getting in touch. Did the lab status show as solved when you used this request?

Alexander | Last updated: Mar 24, 2023 10:04PM UTC

Hi, yes it is.

Alexander | Last updated: Mar 24, 2023 10:17PM UTC

Well, it was, now I keep getting "Invalid parameter value."

You need to Log in to post a reply. Or register here, for free.