Lab: Combining web cache poisoning vulnerabilities

  Рет қаралды 1,130

Jarno Timmermans

Jarno Timmermans

Күн бұрын

Пікірлер: 8
@netletic
@netletic 10 ай бұрын
Hey everyone! Check out this playlist for all my solutions to the Web Cache Poisoning labs from PortSwigger: kzbin.info/aero/PLGb2cDlBWRUUvoGqcCF1xe86AaRXGSMT5 Here are the timestamps for this video - ⏱ 00:00 - Start 00:40 - Identify a cache oracle 01:10 - Add a cache buster 01:39 - Find unkeyed inputs 02:35 - Explore X-Forwarded-Host input potential 06:29 - Identify the DOM XSS Source & Sink 07:25 - Inject a harmful response into the cache with the X-Forwarded-Host header 10:32 - How can we redirect all users to the Spanish homepage? 12:23 - Explore X-Original-URL input potential 15:37 - Figure out how the language setting works 16:05 - How can we get the /setlang/es? redirect cached? 18:22 - Inject a harmful response into the cache via X-Original-URL 19:28 - Chain the two vulnerabilities together
@warnawarni5227
@warnawarni5227 9 ай бұрын
Always The Best Explanation...NIce job
@netletic
@netletic 9 ай бұрын
thanks @warnawarni5227! ☺️
@zinjacoder
@zinjacoder 6 ай бұрын
Hats off to you brother, You are making content which are typical comes with paid courses requiring huge amount of fees.
@KL-og8gg
@KL-og8gg 9 ай бұрын
Very nice, keep going brother. Can you do the SSO series?
@netletic
@netletic 9 ай бұрын
thanks @KL-og8gg! are these the OAuth labs? I can add it to the list, I'm working on the API security labs and GraphQL labs at the moment, but could do OAuth after. ☺
@KL-og8gg
@KL-og8gg 9 ай бұрын
@@netletic Thank you, that's awesome. You have the best explain and walk through ever. Please keep going, I will share your channel to everyone :)
@kittoh_
@kittoh_ 3 ай бұрын
Do you have a hotkey to send request within repeater?
Lab: Web cache poisoning via an unkeyed query string
6:05
Jarno Timmermans
Рет қаралды 951
Lab: Web Cache Poisoning with Parameter Cloaking
9:23
Jarno Timmermans
Рет қаралды 972
Players vs Pitch 🤯
00:26
LE FOOT EN VIDÉO
Рет қаралды 137 МЛН
FOREVER BUNNY
00:14
Natan por Aí
Рет қаралды 30 МЛН
Do you love Blackpink?🖤🩷
00:23
Karina
Рет қаралды 20 МЛН
Can You Find Hulk's True Love? Real vs Fake Girlfriend Challenge | Roblox 3D
00:24
Lab: Web cache poisoning with multiple headers
11:02
Jarno Timmermans
Рет қаралды 1,8 М.
Lab: Client-Side Desync
17:55
Jarno Timmermans
Рет қаралды 4,9 М.
Lab: HTTP/2 request smuggling via CRLF injection
9:19
Jarno Timmermans
Рет қаралды 1,9 М.
Lab: Web cache poisoning via HTTP/2 request tunnelling
10:34
Jarno Timmermans
Рет қаралды 1,3 М.
Lab: Web cache poisoning via a fat GET request
9:01
Jarno Timmermans
Рет қаралды 830
Cache Poisoning? - Solution to November '22 XSS Challenge
22:02
Intigriti
Рет қаралды 3,9 М.
Lab: Bypassing access controls via HTTP/2 request tunnelling
13:27
Jarno Timmermans
Рет қаралды 1,7 М.
Players vs Pitch 🤯
00:26
LE FOOT EN VIDÉO
Рет қаралды 137 МЛН