Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

"Targeted web cache poisoning using an unknown header" seems broken

Axel | Last updated: Mar 11, 2022 04:49PM UTC

Hi there, I've attempted the <insert subject> lab 2 times. After peeking at the solution it was clear that what I was doing is correct. I leak the User-Agent (tried both collaborator and exploit-server) and I poison the cache using the x-host HTTP header. However, even when spamming this request (tried removing other headers), the victim does not get XSSd. When I use my own User-Agent the cookie gets printed/leaked in my browser. Is the lab broken or am I doing something wrong?

Patrick | Last updated: Mar 12, 2022 02:37AM UTC

I reached out to them yesterday; today got word back that they tested and lab is indeed broken.

Ben, PortSwigger Agent | Last updated: Mar 14, 2022 09:24AM UTC

Hi both, Yes that is correct - we believe that there is an issue with this particular lab and the development team are in the process of working on a fix in order to resolve the issue. We will update this thread when this fix has gone live.

Axel | Last updated: Apr 04, 2022 09:07AM UTC

Hi Portswigger, Any updates regarding this lab?

Ben, PortSwigger Agent | Last updated: Apr 04, 2022 10:01AM UTC

Hi Axel, We have now released a fix that resolves the issues with the lab 'Targeted web cache poisoning using an unknown header' and this lab can now be solved using the solution provided. Please let us know if you need any further assistance.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.