Skip to content
/ prototype-pollution-nsec18 Public

Content released at NorthSec 2018 for my talk on prototype pollution

514 stars 76 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

HoLyVieR/prototype-pollution-nsec18

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
find-vuln
find-vuln
 
 
paper
paper
 
 
payload
payload
 
 
slides
slides
 
 
videos
videos
 
 
README.md
README.md
 
 

Repository files navigation

Prototype pollution attack

Abstract

Prototype pollution is a term that was coined many years ago in the JavaScript community to designate libraries that added extension methods to the prototype of base objects like "Object", "String" or "Function". This was very rapidly considered a bad practice as it introduced unexpected behavior in applications. In this presentation, we will analyze the problem of prototype pollution from a different angle. What if an attacker could pollute the prototype of the base object with his own value? What APIs allow such pollution? What can be done with it?

Paper

Link to paper

Slides

Link to slides

About

Content released at NorthSec 2018 for my talk on prototype pollution

Resources

Readme
Activity

Stars

514 stars

Watchers

12 watching

Forks

76 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages