1. Web Security Academy
  2. Web cache poisoning
  3. Exploiting cache design flaws
  4. Lab

Lab: Targeted web cache poisoning using an unknown header


This lab is vulnerable to web cache poisoning. A user visits the home page roughly once a minute. The user also views any comments you post. To solve this lab, you need to poison the cache with a response that executes alert(document.cookie) in the visitor's browser. However, you also need to make sure that the response is served to the specific subset of users to which the intended victim belongs.