Lab: Web cache poisoning with multiple headers

Video description: Lab: Web cache poisoning with multiple headers

In-depth solution to PortSwigger's "Web cache poisoning with multiple headers" lab.

👀 Check out the playlist "Web Cache Poisoning" for all my solutions to the Web Cache Poisoning labs from PortSwigger.

Try it yourself:
https://portswigger.net/web-security/...

Timestamps:
00:00 - Intro
00:37 - Identify a suitable cache oracle
01:10 - Add a cache buster
02:14 - Find the X-Forwarded-Scheme unkeyed input
03:02 - Explore X-Forwarded-Scheme input potential
04:34 - Find the X-Forwarded-Host unkeyed input
05:44 - Explore X-Forwarded-Host input potential
06:23 - Why Param Miner can't find X-Forwarded-Host on 1st scan
08:40 - Trigger an off-site redirect for a JS file
09:38 - Inject our harmful response into the cache
