Lab: Combining web cache poisoning vulnerabilities

Рет қаралды 912

Күн бұрын

Пікірлер: 8

@netletic 7 ай бұрын

Hey everyone! Check out this playlist for all my solutions to the Web Cache Poisoning labs from PortSwigger: kzbin.info/aero/PLGb2cDlBWRUUvoGqcCF1xe86AaRXGSMT5 Here are the timestamps for this video - ⏱ 00:00 - Start 00:40 - Identify a cache oracle 01:10 - Add a cache buster 01:39 - Find unkeyed inputs 02:35 - Explore X-Forwarded-Host input potential 06:29 - Identify the DOM XSS Source & Sink 07:25 - Inject a harmful response into the cache with the X-Forwarded-Host header 10:32 - How can we redirect all users to the Spanish homepage? 12:23 - Explore X-Original-URL input potential 15:37 - Figure out how the language setting works 16:05 - How can we get the /setlang/es? redirect cached? 18:22 - Inject a harmful response into the cache via X-Original-URL 19:28 - Chain the two vulnerabilities together

@warnawarni5227 7 ай бұрын

Always The Best Explanation...NIce job

@netletic 7 ай бұрын

thanks @warnawarni5227! ☺️

@zinjacoder 3 ай бұрын

Hats off to you brother, You are making content which are typical comes with paid courses requiring huge amount of fees.

@KL-og8gg 7 ай бұрын

Very nice, keep going brother. Can you do the SSO series?

@netletic 7 ай бұрын

thanks @KL-og8gg! are these the OAuth labs? I can add it to the list, I'm working on the API security labs and GraphQL labs at the moment, but could do OAuth after. ☺

@KL-og8gg 7 ай бұрын

@@netletic Thank you, that's awesome. You have the best explain and walk through ever. Please keep going, I will share your channel to everyone :)