Burp Suite User Forum


Lab: Cache key injection (Unintended Solution)

Hudson | Last updated: Sep 21, 2023 07:45PM UTC

Hello, while I was doing the lab "Lab: Cache key injection" (https://portswigger.net/web-security/web-cache-poisoning/exploiting-implementation-flaws/lab-web-cache-poisoning-cache-key-injection), I ended up finishing it very quickly, and I even found it strange. When I finished it, I went to see what the solution was like, to see if it was the same thing as what I had done, but the solution to completing the lab is much more complex. I believe my solution is unintended.

My Solution Steps:

1) I note that the parameter "?utm_content" has been excluded from the cache key, but is reflected in the page source in a <link> tag.
2) The back-end does not encode the value inside the "?utm_content" parameter, making it possible to escape the "<link>" tag and HTML code.

Video POC: https://user-images.githubusercontent.com/96009982/269736264-1518e49c-7136-4c5c-a044-edccd3db7e98.mp4
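
A minimal model of the behaviour described in the post above, added here as an illustration; it is not part of the original post and not the lab's code. It shows why an unkeyed parameter that is reflected without encoding ends up in the response served for the clean URL, and how attribute encoding keeps the cached page to a single `<link>` tag. The `Cache` class, the `PROBE` value, the `canonical` link and all function names are constructed assumptions.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl, urlencode

UNKEYED = {"utm_content"}        # parameter the post says is left out of the cache key
PROBE = "x'/><b>marker</b>"      # constructed, harmless marker value

def cache_key(url):
    """Cache key with the unkeyed parameter stripped."""
    parts = urlsplit(url)
    kept = [(k, v) for k, v in parse_qsl(parts.query) if k not in UNKEYED]
    return parts.path + "?" + urlencode(kept)

def render(url, encode):
    """Reflect utm_content into a <link> href, with or without HTML attribute encoding."""
    value = dict(parse_qsl(urlsplit(url).query)).get("utm_content", "")
    if encode:
        value = html.escape(value, quote=True)   # escapes & < > " and '
    return f"<link rel=\"canonical\" href='/?utm_content={value}'/>"

class Cache:
    """Toy cache in front of render(): one stored response per cache key."""
    def __init__(self, encode):
        self.encode, self.store = encode, {}
    def get(self, url):
        key = cache_key(url)
        if key not in self.store:                # miss: ask the back-end and store
            self.store[key] = render(url, self.encode)
        return self.store[key]

class TagLister(HTMLParser):
    """Collects the names of the start tags a browser-style parser would see."""
    def __init__(self):
        super().__init__()
        self.tags = []
    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_in(page):
    parser = TagLister()
    parser.feed(page)
    parser.close()
    return parser.tags

def victim_sees(encode):
    """Tags in the page a later visitor to '/' gets after one request carrying PROBE."""
    cache = Cache(encode)
    cache.get("/?" + urlencode({"utm_content": PROBE}))  # fills the shared cache entry
    return tags_in(cache.get("/"))                       # clean URL, same cache key
```

Running `tags_in()` over cached responses in a test suite is one way to catch a reflected, unkeyed parameter before it ships: any tag beyond the expected `link` means the value was not encoded.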

Dominyque, PortSwigger Agent | Last updated: Sep 22, 2023 08:29AM UTC

Hi Hudson,

Thank you for outlining the steps you took for the alternative solution. I have discussed this with the Web Academy developers, and we have now raised a bug ticket to remedy this.
