Burp Suite User Forum


solving labs

Matias | Last updated: Sep 16, 2020 11:33AM UTC

Hi, I am trying to solve some of the web caching labs. I manage to poison the cache and get an alert to show up, but the lab never solves.

For example, I am working on "Web cache poisoning via an unkeyed query string". I have sent the request:

GET /?test=1'><script>alert(1)</script>--' HTTP/1.1

and receive a response with:

<link rel="canonical" href='//ac2c1ff01e08856a801d341400f700af.web-security-academy.net/?test=1'><script>alert(1)</script>--'&fcbz=1'/>

This seems correct, and it shows an alert when I go to the home page in my browser. However, the lab never completes. This has been happening for three labs now. Am I doing something incorrectly? Or is it something else?

I am using Burp Suite community version, with Firefox 79.0.

Regards,
Matias

Uthman, PortSwigger Agent | Last updated: Sep 17, 2020 10:00AM UTC

Hi Matias,

The web cache poisoning labs are designed to be quite challenging. It is all about timing. The victim user periodically accesses the homepage but you need to keep re-poisoning the cache if the lab is not solved after 35 seconds. You can also take a break and wait for the lab (~15 mins). Alternatively, you can look at a video solution on YouTube.
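The behaviour discussed in this thread can be modelled with a toy cache, shown here as an added example that is not part of the original posts or of the lab's code. The `Cache` class, `render` function and `lab.example` host are assumptions made for illustration; the model compares a cache key that ignores the query string with one that includes it, and with an origin that HTML-escapes the reflected URL.

```python
import html

HOST = "lab.example"  # constructed placeholder host, not the lab's real host


def render(url, escape):
    """Origin server: reflects the request URL into the canonical link."""
    ref = html.escape(url, quote=True) if escape else url
    return f"<link rel=\"canonical\" href='//{HOST}{ref}'/>"


class Cache:
    """Toy cache in front of the origin (assumed model, no expiry)."""

    def __init__(self, key_query, escape):
        self.key_query = key_query  # True: query string is part of the cache key
        self.escape = escape        # True: origin escapes the reflected URL
        self.store = {}

    def get(self, url):
        path = url.partition("?")[0]
        key = url if self.key_query else path
        if key not in self.store:   # miss: fetch from origin and store
            self.store[key] = render(url, self.escape)
        return self.store[key]      # hit: origin never sees this request


# Request line from the first post in this thread
PAYLOAD_URL = "/?test=1'><script>alert(1)</script>--'"


def home_page_after_poison(key_query, escape):
    """Return what a later visitor to "/" receives after PAYLOAD_URL was cached."""
    cache = Cache(key_query, escape)
    cache.get(PAYLOAD_URL)  # first request populates the cache entry
    return cache.get("/")   # second request is for the plain home page


if __name__ == "__main__":
    print("unkeyed query, no escaping:", home_page_after_poison(False, False))
    print("keyed query, no escaping:  ", home_page_after_poison(True, False))
    print("unkeyed query, escaping:   ", home_page_after_poison(False, True))
```

Either fix alone keeps the script tag out of the home page served to other visitors: keying on the query string isolates the entry, and escaping makes the reflected value inert even when the entry is shared.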
