Prototype Pollution Leads to RCE: Gadgets Everywhere

Many have heard about Prototype Pollution vulnerabilities in JavaScript applications. This kind of vulnerability allows an attacker to inject properties into an object's root prototype, which may lead to flow control alteration and unexpected program behavior. Every time, a successful exploit either looks like magic or is limited to a denial of service (DoS). Would you be surprised if I told you that every application has a chain of methods that can be triggered by Prototype Pollution and leads to arbitrary code execution? Such gadgets populate core code and popular NPM packages. Keep calm. Not every app can be exploited! However, this fact increases the risk of exploitation many times over. In our research, we studied Prototype Pollution beyond DoS and analyzed source code against the gadgets...

By: Mikhail Shcherbakov
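The injection described in the abstract, as an added example that is not from the talk or its materials: a recursive merge that follows a `__proto__` key, next to a hardened version, with a harmless option lookup standing in for a gadget. The function names and the `debugMode` option are hypothetical, and the JSON input is constructed.

```javascript
// Added illustration: every name is hypothetical, the input is constructed.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
const isObject = (v) => v !== null && typeof v === 'object';
// Vulnerable: target['__proto__'] resolves to Object.prototype, so the
// recursion writes the nested keys onto the root prototype.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (isObject(source[key])) {
      if (!isObject(target[key])) target[key] = {};
      unsafeMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened: skip prototype-reaching keys and only recurse into own properties.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    if (isObject(source[key])) {
      if (!hasOwn(target, key) || !isObject(target[key])) target[key] = {};
      safeMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Gadget-shaped read: the caller never set debugMode, so the lookup falls
// through to Object.prototype. The strict variant accepts own properties only.
const isDebugEnabled = (options = {}) => options.debugMode === true;
const isDebugEnabledStrict = (o = {}) => hasOwn(o, 'debugMode') && o.debugMode === true;

function demo() {
  const payload = JSON.parse('{"__proto__": {"debugMode": true}}');
  const result = { before: isDebugEnabled({}) };
  safeMerge({}, payload);
  result.afterSafeMerge = isDebugEnabled({});
  unsafeMerge({}, payload);
  result.afterUnsafeMerge = isDebugEnabled({});
  result.strictAfterUnsafeMerge = isDebugEnabledStrict({});
  delete Object.prototype.debugMode; // undo the pollution
  return result;
}
console.log(demo());
```

Holding untrusted keys in a `Map` or in an object created with `Object.create(null)` removes the inherited lookup altogether.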