The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


"Targeted web cache poisoning using an unknown header" seems broken

Axel | Last updated: Mar 11, 2022 04:49PM UTC

Hi there, I've attempted the <insert subject> lab 2 times. After peeking at the solution it was clear that what I was doing is correct. I leak the User-Agent (tried both collaborator and exploit-server) and I poison the cache using the x-host HTTP header. However, even when spamming this request (tried removing other headers), the victim does not get XSSd. When I use my own User-Agent the cookie gets printed/leaked in my browser. Is the lab broken or am I doing something wrong?

Patrick | Last updated: Mar 12, 2022 02:37AM UTC

I reached out to them yesterday; today I got word back that they tested and the lab is indeed broken.

Ben, PortSwigger Agent | Last updated: Mar 14, 2022 09:24AM UTC

Hi both, Yes that is correct - we believe that there is an issue with this particular lab and the development team are in the process of working on a fix in order to resolve the issue. We will update this thread when this fix has gone live.

Axel | Last updated: Apr 04, 2022 09:07AM UTC

Hi PortSwigger, Any updates regarding this lab?

Ben, PortSwigger Agent | Last updated: Apr 04, 2022 10:01AM UTC