Burp Suite User Forum

Web cache poisoning via the Host header Lab

José | Last updated: Nov 14, 2020 01:00AM UTC

I completed the lab, successfully displaying alert(document.cookie) after poisoning the cache, but the state of the lab still says: Not solved

Hannah, PortSwigger Agent | Last updated: Nov 16, 2020 08:39AM UTC

Hi, for these labs, you will normally have to keep the cache poisoned until the victim visits the site and triggers the alert. Did you try keeping the lab poisoned for a couple of minutes?

Eileen | Last updated: Dec 14, 2021 06:52PM UTC

Hi, I also encountered the same problem. I have copied the request into a curl command and thrown it into a while loop to indefinitely poison the website. I did get an empty alert box, and the exploit server's log has a record of the browser pulling the JavaScript. The lab remains unsolved, which is frustrating.

Furkan | Last updated: Dec 15, 2021 12:29AM UTC

Hello, I faced the same problem with the first 2 labs until now. The payload is working, but the user does not trigger the command.

Furkan | Last updated: Dec 15, 2021 01:07AM UTC

It seems fixed.

Eileen | Last updated: Dec 15, 2021 08:16AM UTC

Hi, here is an update. I waited a day for the lab to expire and retried again. This time the lab recognized the poisoning and gave me a solved.
