Prototype pollution is a term that was coined many years ago in the JavaScript community to designate libraries that added extension methods to the prototype of base objects like "Object", "String" or "Function". This was very rapidly considered a bad practice as it introduced unexpected behavior in applications. In this presentation, we will analyze the problem of prototype pollution from a different angle. What if an attacker could pollute the prototype of the base object with his own value? What APIs allow such pollution? What can be done with it?
-
Notifications
You must be signed in to change notification settings - Fork 81
HoLyVieR/prototype-pollution-nsec18
About
Content released at NorthSec 2018 for my talk on prototype pollution
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published