prototype-pollution-nsec18

Prototype pollution attack

An analysis of a vulnerability in JavaScript where an attacker can manipulate the prototype of base objects to inject malicious values

Content released at NorthSec 2018 for my talk on prototype pollution

GitHub

515 stars
12 watching
79 forks
Language: JavaScript
last commit: 6 months ago
Linked from 1 awesome list


Backlinks from these awesome lists:

Related projects:

Repository Description Stars
hackvertor/server-side-prototype-pollution Scans for prototype pollution vulnerabilities in server-side applications 7
snyk-labs/nopp Protects against Prototype Pollution vulnerabilities in JavaScript objects by freezing specific built-in objects. 25
fastify/secure-json-parse A JSON parser with additional security features to prevent prototype pollution 225
hynekpetrak/malware-jail Sandbox for analyzing and understanding JavaScript malware 462
nodesecure/cli Analyzes JavaScript package or local Node.js project for security vulnerabilities and provides detailed reports. 367
o-o-overflow/dc2019q-ooops A proof-of-concept project demonstrating a vulnerability in a proxy service to exploit a universal cross-site scripting bug and access restricted internal websites. 13
sonatype-nexus-community/auditjs Tools to scan npm packages for known vulnerabilities and outdated dependencies. 224
prevade/cloudjack Checks AWS accounts for subdomain hijacking vulnerabilities 84
scotty-c/dirty-cow-poc A proof-of-concept demonstrating the vulnerability of unsecured containers to privilege escalation attacks 12
hapijs/bourne Provides a drop-in replacement for JSON parsing with built-in protection against prototype poisoning vulnerabilities 170
neuralegion/sectester-js-demo-broken-crystals A demo project to integrate the SecTester JS SDK framework into unit tests and CI pipelines for vulnerability testing 0
wekeo/atmoshack2018 A collection of resources and datasets to help solve atmospheric pollution challenges using Copernicus data 5
18dew/project-basil Decentralized platform for IT vendors to share vulnerability information 9
hynekpetrak/javascript-malware-collection A repository of JavaScript malware samples collected over time. 683
vysecurity/cve-2018-4878 Exploits a vulnerability in outdated Shockwave Flash player to gain control of Internet Explorer and execute malicious code. 87