Lab: Combining web cache poisoning vulnerabilities

Views: 1,093

Jarno Timmermans


Comments: 8
@netletic 9 months ago
Hey everyone! Check out this playlist for all my solutions to the Web Cache Poisoning labs from PortSwigger: kzbin.info/aero/PLGb2cDlBWRUUvoGqcCF1xe86AaRXGSMT5
Here are the timestamps for this video - ⏱
00:00 - Start
00:40 - Identify a cache oracle
01:10 - Add a cache buster
01:39 - Find unkeyed inputs
02:35 - Explore X-Forwarded-Host input potential
06:29 - Identify the DOM XSS Source & Sink
07:25 - Inject a harmful response into the cache with the X-Forwarded-Host header
10:32 - How can we redirect all users to the Spanish homepage?
12:23 - Explore X-Original-URL input potential
15:37 - Figure out how the language setting works
16:05 - How can we get the /setlang/es? redirect cached?
18:22 - Inject a harmful response into the cache via X-Original-URL
19:28 - Chain the two vulnerabilities together
@warnawarni5227 9 months ago
Always The Best Explanation... Nice job
@netletic 9 months ago
thanks @warnawarni5227! ☺️
@zinjacoder 5 months ago
Hats off to you brother, you are making content which typically comes with paid courses requiring a huge amount of fees.
@KL-og8gg 9 months ago
Very nice, keep going brother. Can you do the SSO series?
@netletic 9 months ago
thanks @KL-og8gg! are these the OAuth labs? I can add it to the list, I'm working on the API security labs and GraphQL labs at the moment, but could do OAuth after. ☺
@KL-og8gg 9 months ago
@netletic Thank you, that's awesome. You have the best explanation and walkthrough ever. Please keep going, I will share your channel with everyone :)
@kittoh_ 3 months ago
Do you have a hotkey to send a request within Repeater?