Advanced Cache Poisoning Techniques - Abusing HTTP Misconfigurations

I get the concept of the exercise but when i poison the cache it keeps replacing <,> in my payload with the html code “& lt;” and “& gt;”

Idk how im suppose to bypass this and they don’t explain it in the lesson they just explain the cache poisoning but not how to bypass any character sanitization

If somebody can point me to the right direction i feel so dumb lol

Nvm i figured it out. Hint for all those that have the same problem. Try Every GET Parameter.

Hey man, how did you bypass the character sanitization? I’m having the same problem, already tried to inject in every get request, but it keeps sanitazing…

There are parameters there that are not sanitized…

1 Like

thank you so much!! I got the flag! <3

1 Like