Abusing HTTP misconfigurations

I am trying to solve the first modules about Abusing HTTP Misconfigurations, but the first one is very difficult. I solved it, I think by luck, because I used the same payload; even though I have changed it a bit, it can’t get the flag the second time.

I DM’d you. I am working on this module as well.

I’ve everything except “Bypassing Flawed Validation” which I am stuck on.


Have a look at your /etc/hosts file and maybe you can find another solution for localhost…


Likely the only single one I didn’t try. Thx :)

When I find the first flag for the fat GET, is the other one for cloaking on the same server?

Has anyone done the easy skills assessment? I’ve been trying to solve it for about a week with no luck. I even made a Python script which tried every configuration of reset, registration, login, etc. No luck.

Yeah, it will be the same IP and specify in the hosts file.

You will need to attempt to access the Admin area with the provided credentials. You will need to have two tabs open. Then you can test the forms found at login (in the second tab) to determine which will get you admin area access.

Don’t overthink it and it can be done with two browser tabs open.


Oh man, were you ever right. I overthought that so hard. Thank you!


I am trying this module as well, and I am stuck with two exercises left: Advanced Cache Poisoning Techniques and Skill Assessment - Hard.

In both cases, there seems to be something I don’t control. In the former, I think I have the correct poisoning payload, but the website is escaping all the XSS characters, so I am able to poison the cache, but the XSS payload is escaped.

In the latter, I am able to inject the XSS in cache, but none of my tries to have the admin exfiltrate data to interactsh.local work. The override headers don’t seem to work in this case.

it will be the same IP and specify in the hosts file.

On the hard assessment you might want to create a list of every page/unique URL (including logged in) as you might need to skip a step somewhere to get further access. Two browser tabs is all you need as well.

Hi maxz, I am also stuck in the Bypassing Flawed Validation lab. Were you able to finish this lab? I would be very grateful if you could give me a hint to finish it.

Hi Bro, I have finished this module, except this section as well (Bypassing Flawed Validation). I tried all the alternatives for localhost and declared them in /etc/hosts. I think it must be something simple, but I haven’t found it.

I succeeded. In retrospect perhaps too extensive with obfuscate_ip.py and ffuf.
But it was fun at the end when the flag was read!!!

Try using host bypass things like X-Forwarded-Host and X-Host in combination with the provided list of localhost alternatives. One of them will work :)


For Abusing HTTP-misconfigurations, you should be mindful to test all of the parameters the application provides you. Not just the ones you think should be vulnerable.

Do you have any tips for the hard skill assessment? I found the XSS and was able to get the web app to cache it, but it won’t give me the session cookie of the admin.

What I did was add the XSS payload to the request when a user clicks on “users”, and it activates every time the users tab is clicked to go to the users page, but it doesn’t give me the flag and I’m all out of ideas.


Did you solve it?
I need help with Advanced Cache Poisoning Techniques.