Lab: Web cache poisoning with an unkeyed header

Jarno Timmermans
In-depth solution to PortSwigger's "Web cache poisoning with an unkeyed header" lab.

👀 Check out the Web Cache Poisoning playlist for all my solutions to the Web Cache Poisoning labs from PortSwigger.

Try it yourself:
https://portswigger.net/web-security/...

Timestamps:
00:00 - Intro
00:13 - Identify a suitable cache oracle
01:20 - Add a cache buster
02:13 - When are two requests identical?
03:12 - Why do we add a cache buster?
03:53 - Test the cache buster in Burp
04:37 - Use Param Miner to find X-Forwarded-Host header
05:28 - What is an unkeyed input?
06:18 - Inject the X-Forwarded-Host header
Published 9 months ago, on 1402/10/12.
Viewed 4,085 times