Burp Suite User Forum

Web cache poisoning via ambiguous requests

andrew | Last updated: May 31, 2022 06:16AM UTC

Currently the lab can't be completed since the _lab and session cookies have the HttpOnly flag when the lab is first loaded. The alert(document.cookie) will never fire correctly.

Michelle, PortSwigger Agent | Last updated: May 31, 2022 01:33PM UTC

Thanks for your message. We have checked the lab and the alert(document.cookie) is firing correctly when we use the supplied solution. Are you still having issues with this lab?

Long | Last updated: Jun 01, 2022 10:09AM UTC

Dear Michelle, I still cannot complete this lab even though alert(document.cookie) fires OK. I tried looking at the access logs of the exploit server, and I think it may be because the user never visits the site's home page.

Michelle, PortSwigger Agent | Last updated: Jun 01, 2022 10:43AM UTC

Thanks for your message. When we tested the lab here we were able to solve it using the steps given in the solution. Can you tell us a bit more about the steps you're taking, please? If it's easier to describe them using screenshots, then feel free to send an email to support@portswigger.net.

Long | Last updated: Jun 01, 2022 12:58PM UTC

Thank you so much for the support. I left the lab for a few hours, then came back and tried to solve it, and my method worked fine and the lab was solved. To be honest, I don't really understand why it didn't work in the past.
