Portswigger Academy Web cache poisoning Labs

Introduction

What?

Web cache poisoning is an advanced technique whereby an attacker exploits the behavior of a web server and cache so that a harmful HTTP response is served to other users.

Why?

A poisoned web cache can potentially be a devastating means of distributing numerous different attacks, exploiting vulnerabilities such as XSS, JavaScript injection, open redirection, and so on.

How?

• Web cache poisoning

• Web cache poisoning with an unkeyed header

• Web cache poisoning with an unkeyed cookie

• Web cache poisoning with multiple headers

• Targeted web cache poisoning using an unknown header

• Web cache poisoning via an unkeyed query string

• Web cache poisoning via an unkeyed query parameter

• Parameter cloaking

• Web cache poisoning via a fat GET request

• URL normalization

• Web cache poisoning to exploit a DOM vulnerability via a cache with strict cacheability criteria

• Combining web cache poisoning vulnerabilities

• Cache key injection

• Internal cache poisoning