Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Lab: Web cache poisoning via an unkeyed query string

Dario | Last updated: Apr 20, 2024 08:23AM UTC

Hi, I have tried repeatedly to do this lab with no results. My problem is that whatever request I send the X-Cache always responds to me Miss. Either from the opriginal request to the home, adding a cachebuster payload, copying the solution, using the Origin header or manipulating other existing headers like Accept-Encoding. Whether in http 1.1 or http2, the answer will always be this : Cache-Control: max-age=35 Age: 0 X-Cache: miss Can you please give me support?

Dario | Last updated: Apr 20, 2024 12:55PM UTC

and the same issue with "Web cache poisoning via an unkeyed query parameter", I can't hit anything in the cache

Dario | Last updated: Apr 20, 2024 01:46PM UTC

and the same with "Lab: Parameter cloaking" as well. Studying is impossibile :( :( :( please help me

Ben, PortSwigger Agent | Last updated: Apr 22, 2024 08:01AM UTC

Hi Dario, Are you able to email us at support@portswigger.net and include some screenshots of exactly what you are sending and what you are seeing in the response?

Dario | Last updated: Apr 22, 2024 09:48AM UTC

Sure, I'm done

Ben, PortSwigger Agent | Last updated: Apr 22, 2024 09:58AM UTC

Thanks Dario - we will follow up in your email.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.