Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2025-02-16 14:08:26 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #610 from Swiftrix/Swiftrix-patch-1

Browse source 
Update prototype-pollution-to-rce.md
This commit is contained in:
Carlos Polop 2023-03-27 11:41:01 +02:00 committed by GitHub
commit b54069ccaf
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
pentesting-web/deserialization/nodejs-proto-prototype-pollution/prototype-pollution-to-rce.md
View file

@ -51,7 +51,7 @@ var proc = fork('a_file.js');
## PP2RCE via env vars
**PP2RCE** means **Prototype Pollution to RCE** (Remote Coxe Execution).
**PP2RCE** means **Prototype Pollution to RCE** (Remote Code Execution).
According to this [**writeup**](https://research.securitum.com/prototype-pollution-rce-kibana-cve-2019-7609/) when a **process is spawned** with some method from **`child_process`** (like `fork` or `spawn` or others) it calls the method `normalizeSpawnArguments` which a **prototype pollution gadget to create new env vars**: