Cache Deception 01
This exercise details how to exploit an application vulnerable to cache deception.
This course is inspired by a tweet and demonstrates the exploitation of a weakness in the configuration of a Varnish caching server. In this lab, Varnish caches static files without sufficient filtering. The challenge is to manipulate the caching mechanism to extract the admin account key.
To successfully exploit this issue, you need to create an account, log in, and observe the requests and responses during the profile page load. You'll find a request containing sensitive information and the key for this challenge. The next step is to get Varnish to cache this response using a suffix like /random123.css. After confirming the caching with an X-Cache: HIT header, you need to trick the victim into visiting a page linking to this URL to retrieve the key.
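
The caching flaw described above, as an added example that is not part of the original exercise: a cache rule keyed only on the URL suffix, beside one that also checks the backend response before storing it. The paths, header values and function names are constructed for illustration; the lab's actual Varnish configuration is not shown on this page.

```python
# Added example: suffix-only caching (weak) vs. response-aware caching (hardened).
# All paths, headers and values below are constructed for illustration.
import posixpath
from urllib.parse import urlsplit

# Content types a cache should expect for each static suffix it serves.
EXPECTED_TYPES = {
    ".css": {"text/css"},
    ".js": {"application/javascript", "text/javascript"},
    ".png": {"image/png"},
}

def suffix_of(url):
    """Return the lower-cased file extension of the URL path ('' if none)."""
    return posixpath.splitext(urlsplit(url).path)[1].lower()

def weak_should_cache(url, headers):
    """The flawed rule: cache anything whose URL looks like a static file."""
    return suffix_of(url) in EXPECTED_TYPES

def hardened_should_cache(url, headers):
    """Cache only if the response itself looks like the static file requested."""
    h = {k.lower(): v for k, v in headers.items()}
    expected = EXPECTED_TYPES.get(suffix_of(url))
    if expected is None:
        return False
    media_type = h.get("content-type", "").split(";")[0].strip().lower()
    if media_type not in expected:
        return False  # dynamic page served under a static-looking name
    directives = {d.strip().split("=")[0].lower()
                  for d in h.get("cache-control", "").split(",")}
    if directives & {"private", "no-store", "no-cache"}:
        return False  # origin marked the response as not for shared caches
    if "set-cookie" in h:
        return False  # per-user response
    return True

# Constructed samples: (url, backend response headers)
SAMPLES = [
    ("/static/site.css", {"Content-Type": "text/css", "Cache-Control": "public, max-age=3600"}),
    ("/profile/data/random123.css", {"Content-Type": "application/json", "Cache-Control": "private"}),
    ("/profile/data/random123.css", {"Content-Type": "text/html; charset=utf-8"}),
]

def compare():
    """Return (url, weak decision, hardened decision) for each sample."""
    return [(u, weak_should_cache(u, h), hardened_should_cache(u, h)) for u, h in SAMPLES]

if __name__ == "__main__":
    for row in compare():
        print(row)
```

The weak rule stores all three responses; the hardened rule stores only the genuine stylesheet, because the other two carry a content type that does not match the `.css` suffix.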