Burp Suite User Forum

Lab for "Web cache poisoning with an unkeyed header" not completing despite correct (?) solution

AC | Last updated: Jan 06, 2022 07:41AM UTC

Hi,

Basically, as the title says, I have done the lab for "Web cache poisoning with an unkeyed header" and succeeded in getting the alert box to pop up in my browser. However, despite this, no matter what I do the lab itself will not solve. I looked at the solution and video attached on the lab page and did them step by step but still the same result. I also made sure I am not using any type of cachebuster and instead poisoning the raw "/" path (and to verify this I made sure not to proxy through Burp when re-accessing the site after poisoning).

Here is a screenshot of the request I am sending in Burp: https://i.ibb.co/T4Btygr/web-cache-001.png

Here is a screenshot of the response showing my poisoned path: https://i.ibb.co/7kHLNV7/web-cache-002.png

Here is a screenshot of the alert box generated when accessing the lab URL (this was done from a different browser and not proxied through Burp just to make sure it wasn't some issue like Burp automatically adding cachebuster params etc): https://i.ibb.co/8sXjknw/web-cache-003.png

Here is a screenshot of the source when accessing the lab URL in the browser: https://i.ibb.co/kKMcp4J/web-cache-004.png

Finally, here is a screenshot of my exploit-server file settings, just in case there is an issue there: https://i.ibb.co/1JcCwZm/web-cache-005.png

I have tried many different things but just cannot get it working. If there is any help you can give I would be very grateful!

Best Regards,
AC

Ben, PortSwigger Agent | Last updated: Jan 06, 2022 09:06AM UTC

Hi, I have just run through this particular lab and was able to solve it using the solution so it is, at least, working as intended for some users. From the screenshots that you have provided, I cannot immediately see anything obviously wrong with what you are trying to do - just to confirm, are you sending your request more than once just in case the victim user is not visiting the page whilst the cache is poisoned?

Mushtak | Last updated: Jan 14, 2022 03:31PM UTC

Hi, I'm facing the same issue.

Alex, PortSwigger Agent | Last updated: Jan 17, 2022 02:01PM UTC

Hi, I've confirmed with the Academy team that the lab is operating as intended. I can only repeat Ben's advice and confirm that you are sending more than one request. Thanks
