By | December 18, 2020

In this article we explain the web cache poisoning vulnerability: what it is and how to find it in a website.

Both the theory and the practical side of web cache poisoning are covered here. As in earlier articles, the practical part is explained by solving labs.

All of this is for educational purposes and should never be misused. Here we explain the vulnerability by solving two web cache poisoning labs.

Note: This article is for educational purposes only. Don't misuse your knowledge and skills.

Web cache poisoning

Web cache poisoning is an advanced technique whereby an attacker exploits the behavior of a web server and cache so that a harmful HTTP response is served to other users.

Let us understand this with an example. A request is sent to a web server and the response comes back through a cache. If you somehow manage to get a response that refers to a different domain stored in that cache, this is called web cache poisoning.


Hackers can also combine web cache poisoning with cross-site scripting payloads, and JavaScript injection and open redirection vulnerabilities can be used for such attacks as well. This becomes clear once you solve the labs yourself.

In simple terms, web cache poisoning means that the web server is not verifying in any way which domain the request is meant for.

https://portswigger.net/web-security/web-cache-poisoning

Web cache poisoning labs

Here we solve two web cache poisoning labs. There are more labs besides these, which you can try to solve yourself.

https://portswigger.net/web-security/web-cache-poisoning/exploiting-design-flaws/lab-web-cache-poisoning-with-an-unkeyed-header


First, start Burp Suite as usual, then access the lab the same way as in all the previous labs.


After accessing the lab, the lab page opens. From here you get the URL to use for web cache poisoning.


If the URL does not show up the first time, refresh the home page once. The URL then appears in the HTTP history of Burp Suite.


Next, send this request to Repeater and add the payload and host to it, as mentioned in the lab. We have done it the same way here so that it is easy to follow.


When you send the request this way, you first get a cache miss, and on sending it again you get a cache hit. Here we have shown the cached response using another domain.


Next, open the exploit server provided in the lab and enter the path and the payload of the JavaScript file. All of this information is given in the lab itself.

Then click Store, put the lab ID into the request in Burp Suite, and send the request again.

After completing these steps, the web cache poisoning lab is solved and a congratulations message is shown.


https://portswigger.net/web-security/web-cache-poisoning/exploiting-design-flaws/lab-web-cache-poisoning-with-an-unkeyed-cookie

The other web cache poisoning lab can be solved in the same way. There are more labs available here as well.


The process is the same as described earlier. After accessing this lab, its home page opens.

After this, the URL shows up in the HTTP history in Burp Suite. In the previous lab a header was used; here a cookie is used in the same way. You can also read about hijacking cookies here.

How to Hack Facebook using Cookies Hijacking

Send this request to Repeater. After sending the request, a cookie is also shown in the response, and this is what we have to change.

Here we have used the payload with freelearningtech. After doing this, the request is sent without any error and the response comes back.

You can use any string in place of freelearningtech. After this, the lab is also solved and a congratulations message is shown.
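
The behaviour seen in both labs, an unkeyed header in the first and an unkeyed cookie in the second, can be reproduced with a small model that puts the weak cache key beside a corrected one. The Python below is an added example, not code from the labs or from this article; the X-Forwarded-Host header, the theme cookie, the host names and the script path are assumptions made for the illustration.

```python
# Added illustration, not code from the article. Header, cookie and host names
# below are constructed for the example.

def origin(headers):
    """Toy origin that reflects two client-controlled inputs into the page."""
    host = headers.get("X-Forwarded-Host", headers["Host"])
    theme = headers.get("Cookie", "theme=light").partition("theme=")[2]
    return f'<script src="//{host}/static/app.js"></script><body class="{theme}">'


class Cache:
    """Toy shared cache: the key is the path plus the listed request headers."""

    def __init__(self, keyed_headers):
        self.keyed_headers = keyed_headers
        self.store = {}

    def fetch(self, path, headers):
        key = (path,) + tuple(headers.get(h, "") for h in self.keyed_headers)
        if key in self.store:
            return "hit", self.store[key]
        self.store[key] = origin(headers)      # stored for every later user
        return "miss", self.store[key]


def replay(keyed_headers, extra, marker):
    """Send a modified request twice, then a clean one, through a fresh cache."""
    cache = Cache(keyed_headers)
    clean = {"Host": "shop.example"}
    modified = {**clean, **extra}
    first, _ = cache.fetch("/", modified)
    second, _ = cache.fetch("/", modified)
    status, body = cache.fetch("/", clean)     # another user, no extra input
    return first, second, status, marker in body


HEADER = {"X-Forwarded-Host": "other.example"}   # unkeyed header case
COOKIE = {"Cookie": "theme=anystring"}           # unkeyed cookie case

if __name__ == "__main__":
    # Weak key: only Host is keyed, so the clean request gets the stored copy.
    print(replay(("Host",), HEADER, "other.example"))
    print(replay(("Host",), COOKIE, "anystring"))
    # Corrected key: every input the origin reflects is part of the key.
    full = ("Host", "X-Forwarded-Host", "Cookie")
    print(replay(full, HEADER, "other.example"))
    print(replay(full, COOKIE, "anystring"))
```

Keying on every reflected input costs cache hit rate, so in practice the same effect is often achieved by stripping such inputs at the cache or by not reflecting them in the origin at all.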


The Conclusion

I hope you now know about the web cache poisoning vulnerability and how to solve the web cache poisoning labs.

Here we have solved two web cache poisoning labs. It is not possible to solve all the labs here, so you can try the rest yourself. If you have any kind of problem, ask in the comments.

All of this has been explained for educational purposes. The proper way to do bug bounty, that is, the steps to find bugs, will also be covered soon in upcoming articles.

There is no doubt that you can earn well by doing bug bounty, but it takes a lot of hard work to find bugs. You need a lot of knowledge, and you should know about almost all the vulnerabilities found in websites.

If you have any questions, you can ask in the comments. How Facebook hacking is done using cookies, and how everything works, has also been explained before.

If you like this article, please share it. You can also tell us in the comments which topics you want articles on, and we will write about them.
