Cache Poisoning 01

This exercise details how to exploit an application vulnerable to cache poisoning.

PRO Tier | Medium | < 1 Hr.

Course


In this course, you will learn to exploit a Web Cache Poisoning vulnerability where Varnish caches static files without sufficient filtering. Initially, you will create an account and log in to observe the requests and responses when your profile page loads. By identifying a request containing sensitive information and locating a self-XSS, you will prepare your payload.

The next step involves getting Varnish to cache the response with your payload using a unique suffix such as `/random123.css`. Once you have confirmed that the response is cached, you will manipulate the cache to turn the self-XSS into a full XSS, ensuring it gets triggered when the victim visits the page. This exercise demonstrates how attackers can exploit caching misconfigurations to escalate self-XSS into broader attacks.
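From the defender's side, the misconfiguration described above shows up as a response that is treated as a static file because of its URL suffix although the origin produced a dynamic page. The following check is an added example, not part of the exercise or of Varnish itself; the suffix-to-type map, the function name `audit` and the sample requests are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import urlsplit

# Assumed map of "static" suffixes to the Content-Types a real file would have.
EXPECTED = {
    ".css": ("text/css",),
    ".js": ("application/javascript", "text/javascript"),
    ".png": ("image/png",),
    ".jpg": ("image/jpeg",),
    ".gif": ("image/gif",),
}

def audit(url, headers):
    """Return reasons why this response must not be cached as a static file."""
    h = {k.lower(): v for k, v in headers.items()}
    ext = posixpath.splitext(urlsplit(url).path)[1].lower()
    if ext not in EXPECTED:
        return []  # not matched by a suffix-based cache rule
    findings = []
    ctype = h.get("content-type", "").split(";")[0].strip().lower()
    if ctype not in EXPECTED[ext]:
        findings.append(f"content-type {ctype or 'missing'!r} does not match {ext}")
    if "set-cookie" in h:
        findings.append("response sets a cookie")
    cc = h.get("cache-control", "").lower()
    if any(d in cc for d in ("private", "no-store")):
        findings.append("origin marked the response private/no-store")
    return findings

# Constructed sample traffic: (URL, origin response headers).
SAMPLES = [
    ("/static/site.css", {"Content-Type": "text/css"}),
    ("/profile", {"Content-Type": "text/html", "Cache-Control": "private"}),
    ("/profile/random123.css",
     {"Content-Type": "text/html; charset=utf-8", "Cache-Control": "private"}),
]

if __name__ == "__main__":
    for url, hdrs in SAMPLES:
        for reason in audit(url, hdrs):
            print(f"DO NOT CACHE {url}: {reason}")
```

Run against origin responses (for example from proxy logs or a test crawl), any finding marks a URL that a suffix-only cache rule would store even though its content is per-user or dynamic.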
