Lab: Exploiting HTTP request smuggling to perform web cache poisoning

Показать описание

In-depth solution to PortSwigger's "Exploiting HTTP request smuggling to perform web cache poisoning" lab.

Try it yourself:

Timestamps:
00:00 - Intro
00:38 - Detect the CL.TE vulnerability
02:02 - Confirm the CL.TE vulnerability
03:54 - Find & turn onsite redirect into offsite redirect
05:37 - Find static asset cached by frontend
06:42 - Poison the frontend server's cached asset

Рекомендации по теме

Комментарии

Hey everyone! Check out this playlist for all my solutions to the HTTP Request Smuggling labs from PortSwigger – 👀

Here are the timestamps for this video – ⏱
00:00 - Intro
00:38 - Detect the CL.TE vulnerability
02:02 - Confirm the CL.TE vulnerability
03:54 - Find & turn onsite redirect into offsite redirect
05:37 - Find static asset cached by frontend
06:42 - Poison the frontend server's cached asset

netletic

Jarno, you really have a knack for breaking down complicated steps into something easier to digest. The effort you put in shows, and the quality is top-notch! Most content creators out there solely click around or paraphrase the solution out loud without much explanation, but you stand out by breaking everything down piece by piece. Your understanding of the topic really shines through. I hope you will continue adding content, you save me hours of headache !

cowid

Thank you! I really enjoyed the video, especially how you made everything seem so simple. I particularly liked the backend part where every 30 seconds, it takes a JS file. By injecting our JS payload, anyone accessing the page triggers the payload.

huyhuynh

This is so great; thank you keep up the good work.

amrzaki

I am sincerely grateful to you, Thanks Bro ❤❤❤
you excel as an educator!

bolbolinfosec

Lab: Exploiting HTTP request smuggling to perform web cache poisoning

Lab: Exploiting HTTP request smuggling to perform web cache deception

Lab: Exploiting HTTP request smuggling to perform web cache poisoning

Lab: Exploiting HTTP request smuggling to reveal front-end request rewriting

Exploiting HTTP request smuggling to bypass front-end security ... (Video solution, Audio)

Lab: Exploiting HTTP request smuggling to capture other users' requests

Lab: Exploiting HTTP request smuggling to deliver reflected XSS

Exploiting HTTP request smuggling to reveal front-end request rewriting ... (Video solution, Audio)

Lab 6 | Exploiting HTTP Request Smuggling to Bypass Front-End Security Controls, CL.TE Vulnerability

Exploiting HTTP request smuggling to perform web cache poisoning (Video solution, Audio)

Lab: Exploiting HTTP request smuggling to bypass front-end security controls, CL.TE vulnerability

Lab 9 | Exploiting HTTP Request Smuggling to Capture Other Users' Requests #BugBounty

Lab 8 | Exploiting HTTP Request Smuggling to Reveal Front-End Request Rewriting #BugBounty

24.6 Lab: Exploiting HTTP request smuggling to capture users requests - Karthikeyan Nagaraj | 2024

Lab: HTTP request smuggling, basic CL.TE vulnerability

Exploiting HTTP request smuggling to bypass front-end ... (Video solution, Audio)

Exploiting HTTP request smuggling to perform web cache deception (Video solution, Audio)

Exploiting HTTP request smuggling to capture other users' requests (Video solution, Audio)

Exploiting HTTP request smuggling to perform web cache poisoning (SOLVED) - Burp Suite Community

Lab 7 | Exploiting HTTP request smuggling to bypass front-end security controls, TE.CL vulnerability

Lab Exploiting HTTP request smuggling to capture other users' requests

Lab: Exploiting HTTP request smuggling to bypass front-end security controls, TE.CL vulnerability

Lab Exploiting HTTP request smuggling to deliver reflected XSS

Lab Exploiting HTTP request smuggling to perform web cache deception

Lab Exploiting HTTP request smuggling to capture other users' requests | IT7B4 Comprehensive A...