Collaborate Disseminate
In many guides regarding prototype pollution, "merge" functions are listed as potentially vulnerable. But I’m somewhat confused on how this should actually work if a merge function is not recursive. For example this guide lists a… Continue reading Prototype pollution in non-recursive merge function
I’m currently exploring if one legacy project is vulnerable to CVE-2022-24999
I found a very helpful GitHub repo with POCs
However, in my case, I need to check if a payload passed in a JSON body to a POST request would get through. The rep… Continue reading JSON array payload POC for CVE-2022-24999
While pentesting a website I came across yarn.lock file that contains an application dependency and I found this vulnerable library y18n v4.0.0 to CVE-2020-7774.
How can I reproduce the vulnerability or how to use the PoC below?
const y18n… Continue reading How to reproduce this CVE-2020-7774 parameter pollution vulnerability
I run a personal website based on a public template that I grabbed from GitHub (https://github.com/alshedivat/al-folio), and recently, I found weird site requests showing up in my analytics (see below).
At first, I thought this was just … Continue reading Prototype pollution?
I recently found a prototype pollution vulnerability in an open-source project.
The code was something like this:
var a = {}
var b = JSON.parse(‘some_user_input_where_payload_can_be_sent’)
// consider b = JSON.parse(‘{"__proto__"… Continue reading Prototype Pollution – Is this effective only for the Global objects?
I recently found a prototype pollution vulnerability in an application using nodejs and am trying to write an exploit for the same.
I did a simple exploit by using the usual isAdmin flag which is mentioned in a lot of blogs/writeups, etc a… Continue reading Escalating prototype pollution vulnerability in an application
I am trying to perform prototype pollution exploit for a project to demonstrate the vulnerability to the owner.
So I am trying to pollute the toString() function from the user inputs.
The user input has two fields mode of contact and conta… Continue reading Prototype pollution in server instances exploit – what is the correct approach?
let key = keys[j] === ” ? (currentParams as any).length : keys[j];
if (key === ‘__proto__’) {
throw new Error(‘Prototype pollution detected.’);
}
It at least defeats basic url-encoding, but I am unsure if it is robust e… Continue reading Is checking to see if any parameters contain "__proto___" an effective way to mitigate Prototype Pollution vulnerability?
Let’s say if there’s some object and an array
let a = [];
let settings= {
"admin":{"Admin":false},
"language": e // e is user input
}
a[f] = settings // f is user input
The user gets determined if they’re ad… Continue reading letting users create object themselves (prototype pollution)
DOM XSS and client prototype pollution-based XSS have one thing in common, we are modifying the pre-existing JavaScript code to popup an alert(1). Will CSP mitigate XSS in this case? Theoretically, JavaScript is already there and we aren’t… Continue reading Does CSP mitigate against client prototype pollution XSS and DOM XSS?