Web cache poisoning - gachikuku/portswigger GitHub Wiki

Practitioner lab:
Web cache poisoning with an unkeyed header

  • Solution

    1. Get param-miner's wordlist
      curl -o headers.txt 'https://raw.githubusercontent.com/PortSwigger/param-miner/refs/heads/master/resources/headers'

    2. Run ffuf to get the unkeyed header.
      ffuf -w headers.txt -u "https://uuid.web-security-academy.net/?cb=FUZZ" -H "FUZZ: canary123" -mr "canary123"

    3. Craft payload based on x-forwarded-host header, using portswigger's exploit server.

Solutions for the Portswigger's Web Security Academy using mitmproxy and other cli tools instead of Burp Suite

⚠️ **GitHub.com Fallback** ⚠️