
HoLyVieR/prototype-pollution-nsec18

Prototype pollution attack

Abstract

Prototype pollution is a term that was coined many years ago in the JavaScript community to designate libraries that added extension methods to the prototype of base objects like "Object", "String" or "Function". This was very rapidly considered a bad practice as it introduced unexpected behavior in applications. In this presentation, we will analyze the problem of prototype pollution from a different angle. What if an attacker could pollute the prototype of the base object with his own value? What APIs allow such pollution? What can be done with it?

Paper

Link to paper

Slides

Link to slides

About

Content released at NorthSec 2018 for my talk on prototype pollution
