Web cache poisoning
Alnoman Kamil edited this page Nov 14, 2024 · 2 revisions
Apprentice lab: Exploiting path mapping for web cache deception
Solution
- Log in as `wiener:peter`.
- Observe the requests made and look at the `/my-account` endpoint, adding a random resource such as `meow.css`.
- When visiting `/my-account/meow.css`, we get an `X-Cache: miss` with a max age of 30 (seconds).
- With caching confirmed, an exploit can be delivered to a victim:

```html
<script>document.location="https://uuid.web-security-academy.net/my-account/meow.css"</script>
```

- Log out from `wiener:peter` and visit the URL that was used in the payload.
- Log in as
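
The check below is an added example, not part of the original wiki page: it flags the condition the steps above confirm by hand, an authenticated non-CSS response that a shared cache may store under a static-looking path. The cacheability logic is simplified, and the sample traffic and the `lab.example` host are constructed.

```python
import re
from posixpath import splitext
from urllib.parse import urlsplit

# Static extensions a cache rule commonly matches, with the content type each should carry.
STATIC_TYPES = {".css": "text/css", ".js": "javascript", ".png": "image/png", ".ico": "image/"}

def is_cacheable(resp):
    """Simplified shared-cache check: a positive max-age/s-maxage and no private/no-store."""
    cc = resp.get("cache-control", "").lower()
    if re.search(r"\b(no-store|private)\b", cc):
        return False
    m = re.search(r"\b(?:s-maxage|max-age)=(\d+)", cc)
    return bool(m and int(m.group(1)) > 0)

def deception_risk(url, req_headers, resp_headers):
    """Return a finding string for a cache deception candidate, else None."""
    path = urlsplit(url).path
    ext = splitext(path)[1].lower()
    req = {k.lower(): v for k, v in req_headers.items()}
    resp = {k.lower(): v for k, v in resp_headers.items()}
    if ext not in STATIC_TYPES or "cookie" not in req:
        return None  # not a static-looking path, or no session attached
    if not is_cacheable(resp):
        return None  # origin already forbids shared caching
    actual = resp.get("content-type", "").split(";")[0].strip().lower()
    if STATIC_TYPES[ext] in actual:
        return None  # body really is the static type the extension promises
    return f"{path}: authenticated {actual or 'untyped'} response is cacheable as {ext}"

# Constructed sample traffic (not captured from the lab).
SAMPLES = [
    ("https://lab.example/my-account/meow.css", {"Cookie": "session=abc"},
     {"Content-Type": "text/html; charset=utf-8", "Cache-Control": "max-age=30", "X-Cache": "miss"}),
    ("https://lab.example/resources/labheader.css", {"Cookie": "session=abc"},
     {"Content-Type": "text/css", "Cache-Control": "max-age=30"}),
    ("https://lab.example/my-account/meow.css", {"Cookie": "session=abc"},
     {"Content-Type": "text/html", "Cache-Control": "no-store"}),
    ("https://lab.example/my-account", {"Cookie": "session=abc"},
     {"Content-Type": "text/html"}),
]

def scan(samples):
    return [f for f in (deception_risk(*s) for s in samples) if f]

if __name__ == "__main__":
    print("\n".join(scan(SAMPLES)))
```

The third sample shows the origin-side fix: once the account page is sent with `Cache-Control: no-store`, the same path is no longer reported.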
Solutions for PortSwigger's Web Security Academy using mitmproxy and other CLI tools instead of Burp Suite