Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Targeted web cache poisoning using an unknown header

kairosdev | Last updated: Mar 11, 2022 07:01PM UTC

Hi there, I'm doing "Targeted web cache poisoning using an unknown header" lab and after doing all the steps on the solution it seems it's not solved. These the latest Request&Response from Repeater. REQUEST --------------------------------------- GET / HTTP/1.1 Host: ac571f8a1fc51a43c01290c400c50008.web-security-academy.net User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: close Referer: https://ac571f8a1fc51a43c01290c400c50008.web-security-academy.net/login Cookie: session=O86OGWg5kz6jHXieYdwZKv3FUc7940XO Upgrade-Insecure-Requests: 1 X-Host: exploit-acf21f721fd51a92c05290a101ec00a9.web-security-academy.net/resources/js/tracking.js RESPONSE --------------------------------------- HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Vary: User-Agent Cache-Control: max-age=30 Age: 3 X-Cache: hit Connection: close Content-Length: 7720 <!DOCTYPE html> <html> <head> <link href=/resources/labheader/css/academyLabHeader.css rel=stylesheet> <link href=/resources/css/labsBlog.css rel=stylesheet> <title>Targeted web cache poisoning using an unknown header</title> </head> <body> <script type="text/javascript" src="//exploit-acf21f721fd51a92c05290a101ec00a9.web-security-academy.net/resources/js/tracking.js/resources/js/tracking.js"></script> <script src="/resources/labheader/js/labHeader.js"></script> <div id="academyLabHeader"> <section class='academyLabBanner'> <div class=container> <div class=logo></div> <div class=title-container> <h2>Targeted web cache poisoning using an unknown header</h2> <a id='exploit-link' class='button' target='_blank' href='https://exploit-acf21f721fd51a92c05290a101ec00a9.web-security-academy.net'>Go to exploit server</a> <a class=link-back href='https://portswigger.net/web-security/web-cache-poisoning/exploiting-design-flaws/lab-web-cache-poisoning-targeted-using-an-unknown-header'> Back&nbsp;to&nbsp;lab&nbsp;description&nbsp; <svg version=1.1 id=Layer_1 xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink' x=0px y=0px viewBox='0 0 28 30' enable-background='new 0 0 28 30' xml:space=preserve title=back-arrow> <g> <polygon points='1.4,0 0,1.2 12.6,15 0,28.8 1.4,30 15.1,15'></polygon> <polygon points='14.3,0 12.9,1.2 25.6,15 12.9,28.8 14.3,30 28,15'></polygon> </g> </svg> </a> </div> <div class='widgetcontainer-lab-status is-notsolved'> <span>LAB</span> <p>Not solved</p> <span class=lab-status-icon></span> </div> </div> </div> </section> </div> <div theme="blog"> <section class="maincontainer"> <div class="container is-page"> <header class="navigation-header"> <section class="top-links"> <a href=/>Home</a><p>|</p> <a href="/my-account">My account</a><p>|</p> </section> </header> <header class="notification-header"> </header> <section class="blog-header"> <img src="/resources/images/blog.svg"> </section> <section class="blog-list"> <a href="/post?postId=5"><img src="/image/blog/posts/12.jpg"></a> <h2>It's All Just A Click Away</h2> <p>What I love most about Social Media is how it fills my days. Time just evaporates with every word I read, every video I watch and every pointless self-analyzing quiz I take part in. I used to tell people I...</p> <a class="button is-small" href="/post?postId=5">View post</a> <a href="/post?postId=10"><img src="/image/blog/posts/38.jpg"></a> <h2>Don't Believe Everything You Read</h2> <p>Don't believe everything you read is not only a common expression, it's also a pretty obvious one. Although, it's common and obvious because it's an old saying, an old saying rooted in print journalism and their individual biases. But now,...</p> <a class="button is-small" href="/post?postId=10">View post</a> <a href="/post?postId=4"><img src="/image/blog/posts/27.jpg"></a> <h2>Video Games Made Me A Better Surgeon</h2> <p>Recently there was an article on this very subject. I felt it was slightly lacking in depth, there was a lot of input from professionals discussing dexterity, did video games improve that or make it worse. I imagine the surgeon...</p> <a class="button is-small" href="/post?postId=4">View post</a> <a href="/post?postId=9"><img src="/image/blog/posts/21.jpg"></a> <h2>The Do's & Don'ts of Writing Your Resume</h2> <p>We all know how extremely important first impressions are, especially in the business world. Your resume is your handshake to your future employer, don't make it a sweaty limp one.</p> <a class="button is-small" href="/post?postId=9">View post</a> <a href="/post?postId=8"><img src="/image/blog/posts/53.jpg"></a> <h2>No More Burping Out Loud Guys</h2> <p>One young woman fed up with her workmates burping out loud in the office took matters into her own hands.</p> <a class="button is-small" href="/post?postId=8">View post</a> <a href="/post?postId=3"><img src="/image/blog/posts/11.jpg"></a> <h2>Identity Theft</h2> <p>I'm guessing all the people that used to steal people's identities by rifling through their garbage cans, looking for private banking details, are probably very fat and lazy now. With so many working from home opportunities available, in this golden...</p> <a class="button is-small" href="/post?postId=3">View post</a> <a href="/post?postId=2"><img src="/image/blog/posts/25.jpg"></a> <h2>Tracking Your Kids</h2> <p>It's not Big Brother who's watching you, it's your folks! The first generation of datafied children is hitting the streets. What does this mean? Basically, we know where they are, where they've been and when they were last 'live' on...</p> <a class="button is-small" href="/post?postId=2">View post</a> <a href="/post?postId=7"><img src="/image/blog/posts/62.jpg"></a> <h2>No Silly Names, Please</h2> <p>We hear about it all the time, the unusual names people have given their children. I say unusual to be polite because, to be honest, some of them are just downright ridiculous. Have these parents no idea of the pressure...</p> <a class="button is-small" href="/post?postId=7">View post</a> <a href="/post?postId=6"><img src="/image/blog/posts/41.jpg"></a> <h2>The Hating Dating App</h2> <p>I saw a headline the other day about the launch of a dating app that matches people based on the things they hate. I didn't read the article as I wanted to work out for myself how that could possibly...</p> <a class="button is-small" href="/post?postId=6">View post</a> <a href="/post?postId=1"><img src="/image/blog/posts/54.jpg"></a> <h2>The First Ever Truly Eco Car Has Made It To Market</h2> <p>Forget electricity, we know that's still a drain on the National Grid. Some clever little inventors in Ohio have come up with a way of getting your car moving with nothing but air. And better still, air from your own...</p> <a class="button is-small" href="/post?postId=1">View post</a> </section> </div> </section> </div> </body> </html> Any idea about what happens or I've done wrong?

Michelle, PortSwigger Agent | Last updated: Mar 14, 2022 08:36AM UTC

Thanks for getting in touch to report this issue. We have been able to replicate the problem here and have identified an issue in this particular lab. This has been raised with the Academy team and they are investigating the cause of the problem. We'll update this thread once we have an update.

kairosdev | Last updated: Mar 14, 2022 07:38PM UTC

I think there's the same or another issue in the lab "Web cache poisoning to exploit a DOM vulnerability via a cache with strict cacheability criteria". The following is my request and response. REQUEST ---------------- GET / HTTP/1.1 Host: ace91f961e0d31efc05ba6de0028003e.web-security-academy.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate X-Forwarded-Host: exploit-acd81f831e50311dc098a6b2012d00b5.web-security-academy.net Referer: https://portswigger.net/web-security/web-cache-poisoning/exploiting-design-flaws/lab-web-cache-poisoning-to-exploit-a-dom-vulnerability-via-a-cache-with-strict-cacheability-criteria Connection: close Cookie: session=tFzdzNC4vIRpOslV3V4vmPhjDMgr5onp Upgrade-Insecure-Requests: 1 Cache-Control: max-age=0 RESPONSE ---------------- HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Cache-Control: max-age=30 Age: 5 X-Cache: hit Connection: close Content-Length: 11253 <!DOCTYPE html> <html> <head> <link href=/resources/labheader/css/academyLabHeader.css rel=stylesheet> <link href=/resources/css/labsEcommerce.css rel=stylesheet> <script> data = { "host":"exploit-acd81f831e50311dc098a6b2012d00b5.web-security-academy.net", "path":"/", } </script> <title>Web cache poisoning to exploit a DOM vulnerability via a cache with strict cacheability criteria</title> </head> <body> <script type="text/javascript" src="/resources/js/geolocate.js"></script> <script src="/resources/labheader/js/labHeader.js"></script> <div id="academyLabHeader"> <section class='academyLabBanner'> <div class=container> <div class=logo></div> <div class=title-container> <h2>Web cache poisoning to exploit a DOM vulnerability via a cache with strict cacheability criteria</h2> <a id='exploit-link' class='button' target='_blank' href='https://exploit-acd81f831e50311dc098a6b2012d00b5.web-security-academy.net'>Go to exploit server</a> <a class=link-back href='https://portswigger.net/web-security/web-cache-poisoning/exploiting-design-flaws/lab-web-cache-poisoning-to-exploit-a-dom-vulnerability-via-a-cache-with-strict-cacheability-criteria'> Back&nbsp;to&nbsp;lab&nbsp;description&nbsp; <svg version=1.1 id=Layer_1 xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink' x=0px y=0px viewBox='0 0 28 30' enable-background='new 0 0 28 30' xml:space=preserve title=back-arrow> <g> <polygon points='1.4,0 0,1.2 12.6,15 0,28.8 1.4,30 15.1,15'></polygon> <polygon points='14.3,0 12.9,1.2 25.6,15 12.9,28.8 14.3,30 28,15'></polygon> </g> </svg> </a> </div> <div class='widgetcontainer-lab-status is-notsolved'> <span>LAB</span> <p>Not solved</p> <span class=lab-status-icon></span> </div> </div> </div> </section> </div> <div theme="ecommerce"> <section class="maincontainer"> <div class="container"> <header class="navigation-header"> <div id=shipping-info class=shipping-info> </div> <section class="top-links"> <a href=/>Home</a><p>|</p> <a href="/my-account">My account</a><p>|</p> </section> </header> <header class="notification-header"> </header> <section class="ecoms-pageheader"> <img src="/resources/images/shop.svg"> </section> <section class="container-list-tiles"> <div> <img src="/image/productcatalog/products/7.jpg"> <h3>Conversation Controlling Lemon</h3> <img src="/resources/images/rating5.png"> $36.37 <a class="button" href="/product?productId=1">View details</a> </div> <div> <img src="/image/productcatalog/products/36.jpg"> <h3>Caution Sign</h3> <img src="/resources/images/rating4.png"> $11.33 <a class="button" href="/product?productId=2">View details</a> </div> <div> <img src="/image/productcatalog/products/44.jpg"> <h3>Paint a rainbow</h3> <img src="/resources/images/rating2.png"> $84.68 <a class="button" href="/product?productId=3">View details</a> </div> <div> <img src="/image/productcatalog/products/5.jpg"> <h3>Cheshire Cat Grin</h3> <img src="/resources/images/rating1.png"> $65.39 <a class="button" href="/product?productId=4">View details</a> </div> <div> <img src="/image/productcatalog/products/57.jpg"> <h3>Lightbulb Moments</h3> <img src="/resources/images/rating2.png"> $56.26 <a class="button" href="/product?productId=5">View details</a> </div> <div> <img src="/image/productcatalog/products/53.jpg"> <h3>High-End Gift Wrapping</h3> <img src="/resources/images/rating4.png"> $61.63 <a class="button" href="/product?productId=6">View details</a> </div> <div> <img src="/image/productcatalog/products/8.jpg"> <h3>Folding Gadgets</h3> <img src="/resources/images/rating5.png"> $44.83 <a class="button" href="/product?productId=7">View details</a> </div> <div> <img src="/image/productcatalog/products/26.jpg"> <h3>The Splash</h3> <img src="/resources/images/rating2.png"> $63.16 <a class="button" href="/product?productId=8">View details</a> </div> <div> <img src="/image/productcatalog/products/38.jpg"> <h3>Six Pack Beer Belt</h3> <img src="/resources/images/rating1.png"> $73.73 <a class="button" href="/product?productId=9">View details</a> </div> <div> <img src="/image/productcatalog/products/75.jpg"> <h3>Grow Your Own Spy Kit</h3> <img src="/resources/images/rating2.png"> $90.21 <a class="button" href="/product?productId=10">View details</a> </div> <div> <img src="/image/productcatalog/products/31.jpg"> <h3>Couple&apos;s Umbrella</h3> <img src="/resources/images/rating5.png"> $6.83 <a class="button" href="/product?productId=11">View details</a> </div> <div> <img src="/image/productcatalog/products/58.jpg"> <h3>There is No &apos;I&apos; in Team</h3> <img src="/resources/images/rating2.png"> $79.83 <a class="button" href="/product?productId=12">View details</a> </div> <div> <img src="/image/productcatalog/products/14.jpg"> <h3>Mood Enhancer</h3> <img src="/resources/images/rating3.png"> $90.05 <a class="button" href="/product?productId=13">View details</a> </div> <div> <img src="/image/productcatalog/products/30.jpg"> <h3>Giant Pillow Thing</h3> <img src="/resources/images/rating4.png"> $26.26 <a class="button" href="/product?productId=14">View details</a> </div> <div> <img src="/image/productcatalog/products/16.jpg"> <h3>Photobomb Backdrops</h3> <img src="/resources/images/rating5.png"> $59.36 <a class="button" href="/product?productId=15">View details</a> </div> <div> <img src="/image/productcatalog/products/21.jpg"> <h3>Snow Delivered To Your Door</h3> <img src="/resources/images/rating5.png"> $64.74 <a class="button" href="/product?productId=16">View details</a> </div> <div> <img src="/image/productcatalog/products/37.jpg"> <h3>The Giant Enter Key</h3> <img src="/resources/images/rating3.png"> $1.56 <a class="button" href="/product?productId=17">View details</a> </div> <div> <img src="/image/productcatalog/products/4.jpg"> <h3>BURP Protection</h3> <img src="/resources/images/rating1.png"> $41.57 <a class="button" href="/product?productId=18">View details</a> </div> <div> <img src="/image/productcatalog/products/45.jpg"> <h3>ZZZZZZ Bed - Your New Home Office</h3> <img src="/resources/images/rating3.png"> $2.26 <a class="button" href="/product?productId=19">View details</a> </div> <div> <img src="/image/productcatalog/products/17.jpg"> <h3>Picture Box</h3> <img src="/resources/images/rating1.png"> $13.60 <a class="button" href="/product?productId=20">View details</a> </div> </section> <script> initGeoLocate('//' + data.host + '/resources/json/geolocate.json'); </script> </div> </section> </div> </body> </html>

kairosdev | Last updated: Mar 14, 2022 08:34PM UTC

Apologies. I made a mistake in Lab: Web cache poisoning to exploit a DOM vulnerability via a cache with strict cache ability criteria. Forget it.

kairosdev | Last updated: Apr 11, 2022 06:22PM UTC

Have you any solution to this response? Michelle, PortSwigger Agent | Last updated: Mar 14, 2022 08:36AM UTC Thanks for getting in touch to report this issue. We have been able to replicate the problem here and have identified an issue in this particular lab. This has been raised with the Academy team and they are investigating the cause of the problem. We'll update this thread once we have an update.

Michelle, PortSwigger Agent | Last updated: Apr 12, 2022 07:36AM UTC

The issues with the lab "Targeted web cache poisoning using an unknown header" have now been resolved. If there's a particular lab you're having problems with can you let us know the name of the lab, please?

kairosdev | Last updated: Apr 14, 2022 05:49PM UTC

I doesn't work yet.

kairosdev | Last updated: Apr 14, 2022 05:50PM UTC

It*

Hannah, PortSwigger Agent | Last updated: Apr 15, 2022 07:30AM UTC