Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum will be discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Centre. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTRE DISCORD

Create new post

Question regarding the Cache key injection lab

YL | Last updated: Oct 14, 2024 07:08PM UTC

https://portswigger.net/web-security/web-cache-poisoning/exploiting-implementation-flaws/lab-web-cache-poisoning-cache-key-injection Hi there, could anyone provide some insight on the Cache key injection lab, not able to understand it after reading the solution, thanks a lot. I know I might able to find the answer once I finished other lab content, apologise for my question. 1. What is the rational of setting the value of utm_content to z and x on this 2 separate payload? 2. what is the parameter x=1 use for? What is the reason setting this parameter? 3. Why the value of Origin header is set to x? 4. Why append the $$$$ at the end of alert(1) payload? 5. Why the second payload have the $$ sign in front of the origin header, also after the alert(1) 6. Why the second payload have the # sign? GET /js/localize.js?lang=en?utm_content=z&cors=1&x=1 HTTP/2 Origin: x Content-Length: 8 alert(1)$$$$ GET /login?lang=en?utm_content=x&cors=1&x=1$$origin=x Content-Length: 8 alert(1)$$# HTTP/2

Michelle, PortSwigger Agent | Last updated: Oct 16, 2024 12:42PM UTC

Hi This lab is one of the more complex Expert level labs and requires an understanding of several other web vulnerabilities. Have you completed many of the other topics at this stage in your Web Security Academy journey?

YL | Last updated: Oct 16, 2024 10:41PM UTC

Hi Michelle, thanks for your response not complete all other yet but working on it I guess the "response header injection" is from the topic HTTP Host header attacks?

Michelle, PortSwigger Agent | Last updated: Oct 17, 2024 02:54PM UTC

Hi If you've not completed all the other las yet, I'd recommend putting this particular lab on pause until you've progressed a bit further on your journey. For Host header vulnerabilities, you might find this section useful: https://portswigger.net/web-security/host-header/exploiting

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.