Mirrors/PayloadsAllTheThings
2
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-09-20 06:22:01 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #703 from Aftab700/JSON-Prototype-Pollution

Browse source 
adding the payload for Polluting the prototype via the `constructor`  property in JSON input
This commit is contained in:
Swissky 2024-01-05 10:24:16 +01:00 committed by GitHub
commit c6f96f7b2a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
Prototype Pollution/README.md
View file

@ -99,6 +99,19 @@ Asynchronous payload for NodeJS.
}
```
Polluting the prototype via the `constructor` property instead.
```js
{
"constructor": {
"prototype": {
"foo": "bar",
"json spaces": 10
}
}
}
```
### Prototype Pollution in URL