Detecting prototype pollution vulnerabilities in JavaScript using static analysis
Updated Apr 24, 2022 - JavaScript
Secure drop-in replacement for the `JSON` global with prototype pollution protection
A scanner/exploitation tool written in Go, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.
JavaScript Prototype Pollution Attack demo against a NodeJS Express server using Lodash
Check prototype pollution in JS libraries
A website developed with Node.js. This website includes a server-side prototype pollution vulnerability.
Security Research and PoC
A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀
My Write Up for PortSwigger Prototype Pollution Write Up
A sample application vulnerable to JavaScript prototype pollution
A CTF challenge we put together for Ekoparty's 2023 main CTF
Let's check if your target is vulnerable to client-side prototype pollution.
A tool which helps identify client-side prototype polluting libraries
A collection of Server-Side Prototype Pollution gadgets and exploits
The Most Advanced Client-Side Prototype Pollution Scanner
Endo is a distributed secure JavaScript sandbox, based on SES