Web cache deception - gachikuku/portswigger GitHub Wiki
Apprentice lab: Exploiting path mapping for web cache deception
Solution
- Log in as `wiener:peter`.
- Observe the requests made and look at the `/my-account` endpoint, adding a random resource such as `meow.css`.
- When visiting `/my-account/meow.css`, we get an `X-Cache: miss` with a max age of 30 (seconds).
- With caching confirmed, an exploit can be delivered to a victim.

  ```html
  <script>document.location="https://uuid.web-security-academy.net/my-account/meow.css"</script>
  ```
- Log out from `wiener:peter` and visit the URL that was used in the payload.
- Log in as
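
A defender-side check for the behaviour confirmed above, as an added example that is not part of the original wiki page: it scans request/response records for a per-user endpoint followed by a static-looking suffix that came back cacheable. The record layout, `DYNAMIC_PREFIXES`, the extension list and the sample records are assumptions constructed for illustration.

```python
import re

# Assumption: file extensions the cache rule treats as static content.
STATIC_EXT = re.compile(r"\.(css|js|ico|png|jpg|gif|svg|woff2?)$", re.I)
# Assumption: endpoints that return per-user data and must never be cached.
DYNAMIC_PREFIXES = ("/my-account",)


def is_cached(headers):
    """True if the response headers say a shared cache may store (or has stored) it."""
    h = {k.lower(): v.lower() for k, v in headers.items()}
    cc = h.get("cache-control", "")
    if "no-store" in cc or "private" in cc:
        return False
    max_age = re.search(r"\b(?:s-maxage|max-age)=(\d+)", cc)
    return h.get("x-cache") == "hit" or bool(max_age and int(max_age.group(1)) > 0)


def find_deception_candidates(records):
    """Return paths where a dynamic endpoint plus a static suffix was served cacheable."""
    findings = []
    for rec in records:
        path = rec["path"].split("?", 1)[0]  # ignore the query string
        under_dynamic = any(path.startswith(p + "/") for p in DYNAMIC_PREFIXES)
        if (under_dynamic and rec["status"] == 200
                and STATIC_EXT.search(path) and is_cached(rec["headers"])):
            findings.append(path)
    return findings


# Constructed sample records (not captured from the lab).
SAMPLE = [
    {"path": "/my-account", "status": 200, "headers": {}},
    {"path": "/my-account/meow.css", "status": 200,
     "headers": {"Cache-Control": "max-age=30", "X-Cache": "miss"}},
    {"path": "/resources/css/labs.css", "status": 200,
     "headers": {"Cache-Control": "max-age=30", "X-Cache": "hit"}},
    {"path": "/my-account/avatar.png", "status": 200,
     "headers": {"Cache-Control": "private, no-store"}},
]

if __name__ == "__main__":
    for hit in find_deception_candidates(SAMPLE):
        print("cacheable response under a dynamic endpoint:", hit)
```

A finding means the origin resolved the suffixed path to the account page while the cache keyed it as a static file; sending `Cache-Control: no-store` on per-user endpoints or rejecting unexpected path suffixes closes the gap.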