Web cache poisoning with an unkeyed cookie

imagine we have this website.

now intercept the request using burpsuite.

notice the cache header.

now let’s try to see if any request value reflect in the page.

notice that the fehost cookies is reflected in the body of the lab.

let’s try to change it’s value to xss payload.

notice that we got it now send the request multiple times.

now let’s go back to the website.

please notice the alert box.