Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/HoLyVieR/prototype-pollution-nsec18

Content released at NorthSec 2018 for my talk on prototype pollution
https://github.com/HoLyVieR/prototype-pollution-nsec18

Last synced: 3 days ago
JSON representation

Content released at NorthSec 2018 for my talk on prototype pollution

Host: GitHub
URL: https://github.com/HoLyVieR/prototype-pollution-nsec18
Owner: HoLyVieR
Created: 2018-05-15T20:27:15.000Z (over 6 years ago)
Default Branch: master
Last Pushed: 2024-05-25T15:10:24.000Z (6 months ago)
Last Synced: 2024-08-02T05:07:59.036Z (3 months ago)
Language: JavaScript
Size: 3.79 MB
Stars: 513
Watchers: 12
Forks: 77
Open Issues: 2
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# Prototype pollution attack

## Abstract

Prototype pollution is a term that was coined many years ago in the JavaScript community to designate libraries that added extension methods to the prototype of base objects like "Object", "String" or "Function". This was very rapidly considered a bad practice as it introduced unexpected behavior in applications. In this presentation, we will analyze the problem of prototype pollution from a different angle. What if an attacker could pollute the prototype of the base object with his own value? What APIs allow such pollution? What can be done with it?

## Paper

[Link to paper](paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf)

## Slides

[Link to slides](slides/index.html)