JavaScript Prototype Pollution

What is JavaScript Prototype Pollution

By using prototypes in JavaScript we are able to overwrite objects and make them execute malicious code.

When application is vulnerable to Prototype Pollution?

In order for application to be vulnerable to prototype pollution it has to implement merge / extend function which is used to modifying objects in the system.

Prototype vs __proto__

Prototype is a property of constructor functions. __proto__ is a property of objects.

// Car = class
// c = implementation of class (object)

Car.prototype.move === c.__proto__.move

Video Explaination

PreviousPost ExploitationNextUnderstand the vulnerability

Last updated