Course

Inspired by a tweet, this course delves into the exploitation of a Varnish caching server misconfiguration. Varnish, used to cache static files, lacks sufficient filtering in this scenario, enabling attackers to exploit the caching mechanism. Participants will create an account, log in, and observe the requests and responses on their profile page. The goal is to identify a request containing sensitive information and manipulate Varnish to cache this response using a specific suffix.

Once the response is cached, participants will use another suffix to trick the admin into accessing a URL that leads to the cached information. This information will then be used to impersonate the admin and retrieve the key for the challenge. The course concludes by highlighting how attackers can exploit web cache deception vulnerabilities to gain unauthorized access to user accounts.