Hey everyone! Check out this playlist for all my solutions to the Web Cache Poisoning labs from PortSwigger: ruclips.net/p/PLGb2cDlBWRUUvoGqcCF1xe86AaRXGSMT5
Here are the timestamps for this video - ⏱
00:00 - Intro
00:29 - Identify a cache oracle
01:05 - Add a cache buster
03:17 - Identify simple XSS
03:56 - Identify parameter pollution
04:43 - Find unkeyed input
05:24 - How Parameter Cloaking would work?
06:55 - Parameter pollution with a fat GET request
Sir, please tell me how to find an exploit server in real-time bug bounty hunting.
I have a question.
How do you trigger the alert(1) for a single user using the cache buster, so that when you open the web page you see alert(1) for just your session?
Because I tried poisoning the homepage and the callback geolocate at once through send "request in parallel", and I used the same cache buster (Origin header) for both the homepage and the geolocate, and it didn't work.
For a real pentest/bug hunting scenario, poisoning the cache for everyone would be considered unethical.
I hope you understand my question.
Because in your videos on other labs you were able to trigger the alert with your cache buster and confirm the attack for just your session, before poisoning the cache for everyone.
So in this case, how do we trigger the alert for our session without poisoning the cache for everyone that visits the homepage?