Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/HoLyVieR/prototype-pollution-nsec18
Content released at NorthSec 2018 for my talk on prototype pollution
- Host: GitHub
- URL: https://github.com/HoLyVieR/prototype-pollution-nsec18
- Owner: HoLyVieR
- Created: 2018-05-15T20:27:15.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2024-05-25T15:10:24.000Z (6 months ago)
- Last Synced: 2024-08-02T05:07:59.036Z (3 months ago)
- Language: JavaScript
- Size: 3.79 MB
- Stars: 513
- Watchers: 12
- Forks: 77
- Open Issues: 2
Metadata Files:
- Readme: README.md
README
# Prototype pollution attack
## Abstract
Prototype pollution is a term that was coined many years ago in the JavaScript community to designate libraries that added extension methods to the prototype of base objects like "Object", "String" or "Function". This was very rapidly considered a bad practice as it introduced unexpected behavior in applications. In this presentation, we will analyze the problem of prototype pollution from a different angle. What if an attacker could pollute the prototype of the base object with his own value? What APIs allow such pollution? What can be done with it?
## Paper
[Link to paper](paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf)
## Slides
[Link to slides](slides/index.html)